CVE-2019-17504

An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter.

Published : 2019-10-11 17:15 Updated : 2019-10-16 12:30

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Kirona Dynamic Resource Scheduling 5.5.3.5 cpe:/a:kirona:dynamic_resource_scheduling:5.5.3.5
  1. Kirona (1) Search CVE
    1. Dynamic Resource Scheduling (1) Search CVE
      1. 5.5.3.5

CWE

ID Name Description Links
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. CVE

History of changes

Date Event
2019-10-16 12:30
2019-10-11 17:15

New CVE