Main Vulnerability Database Exploits ID:5861 - Exploit for Reflected cross-site scripting in build-metrics - CVE-2019-10475

ID:5861 - Exploit for Reflected cross-site scripting in build-metrics - CVE-2019-10475

Published: June 17, 2021

Vulnerability identifier: #VU22270

Vulnerability risk: Low

CVE-ID: CVE-2019-10475

CWE-ID: CWE-79

Exploitation vector: Remote access

Vulnerable software:
build-metrics

Link to public exploit:

https://www.exploit-db.com/exploits/47598/

Vulnerability description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via the "label" query parameter. The vulnerability allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:5861 - Exploit for Reflected cross-site scripting in build-metrics - CVE-2019-10475

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human