CVE-2019-14478 Vulnerability Details

  /     /     /  

CVE-2019-14478 Metadata Quick Info

CVE Published: 16/12/2020 | CVE Updated: 05/08/2024 | CVE Year: 2019
Source: mitre | Vendor: n/a | Product: n/a
Status : PUBLISHED

---

CVE-2019-14478 Description

AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user\'s input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript code in the context of the user\'s browser if the victim opens or searches for a node whose "Display Name" contains an XSS payload.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: n/a
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).