Security Advisory

CVE-2019-15701

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-08-27 17:25:56

Last updated 2024-08-05 00:56:22

Assigner mitre

State PUBLISHED

Description

components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victims machine) when the search functions autocomplete feature is used. The victim must import data from an Active Directory with a GPO containing JavaScript in its name.

← Browse all CVEs View on cve.org ↗