CVE-2019-11291

LOW Year: 2019
CVSS v3 Score
3.1
Low
CVSS v2 Score
3.5
Low
Weakness Type
CWE-79
View all →

Vulnerability Description

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.

Related Vulnerabilities

CVE-2016-7239

LOW
CVSS:3.1(Low)

The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information ...

CWE-792016

CVE-2023-48679

LOW
CVSS:3.1(Low)

Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.

CWE-792023

CVE-2024-25637

LOW
CVSS:3.1(Low)

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. T...

CWE-792024

CVE-2024-28866

LOW
CVSS:3.1(Low)

GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23.5.0 (inclusive) are potentially vulnerable to a reflected cross-site scripting vulnerability on the loading page displayed while G...

CWE-792024

CVE-2024-43411

LOW
CVSS:3.1(Low)

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gain...

CWE-792024