Security Advisory

CVE-2019-3911

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-01-30 20:00:00

Last updated 2024-09-17 04:14:40

Assigner tenable

State PUBLISHED

Description

Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints.

← Browse all CVEs View on cve.org ↗