CVE-2019-18652
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362).
Ha sido identificada una vulnerabilidad de tipo XSS basada en DOM en el WatchGuard XMT515 versiones hasta la versión 12.1.3, permitiendo a un atacante remoto ejecutar JavaScript en el navegador de la víctima al engañar a la víctima para que haga clic en un enlace especialmente diseñado. La carga útil fue probada en Microsoft Internet Explorer versión 11.418.18362.0 y Microsoft Edge versión 44.18362.387.0 (Microsoft EdgeHTML versión 18.18362).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-10-31 CVE Reserved
- 2020-01-07 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://gitlab.com/crypt0crc/cve-2019-18652 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Watchguard Search vendor "Watchguard" | Xmt515 Firmware Search vendor "Watchguard" for product "Xmt515 Firmware" | <= 12.3 Search vendor "Watchguard" for product "Xmt515 Firmware" and version " <= 12.3" | - |
Affected
| in | Watchguard Search vendor "Watchguard" | Xmt515 Search vendor "Watchguard" for product "Xmt515" | - | - |
Safe
|