admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-07-14 03:00:46 +00:00
parent 8eab9ae119
commit 8e9e214a14
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2019/9xxx/CVE-2019-9834.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user."
"value": "** DISPUTED ** The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. NOTE: the vendor disputes the risk because there is a clear warning next to the button for importing a snapshot."
}
]
},
@ -61,6 +61,11 @@
"name": "https://www.youtube.com/watch?v=zSG93yX0B8k",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=zSG93yX0B8k"
},
{
"refsource": "MISC",
"name": "https://github.com/netdata/netdata/issues/5800#issuecomment-510986112",
"url": "https://github.com/netdata/netdata/issues/5800#issuecomment-510986112"
}
]
}