How severe is CVE-2019-11718?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2019-11718?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2019-11718

MEDIUM Year: 2019

CVSS v3 Score

5.3

Medium

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-74

View all →

Vulnerability Description

Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. This vulnerability affects Firefox < 68.

CVE-2010-4658

MEDIUM

CVSS:5.3(Medium)

statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks.

CWE-742010

CVE-2011-3624

MEDIUM

CVSS:5.3(Medium)

Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote a...

CWE-742011

CVE-2013-4578

MEDIUM

CVSS:5.3(Medium)

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper fil...

CWE-742013

CVE-2013-7324

MEDIUM

CVSS:5.3(Medium)

Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavio...

CWE-742013