Vulnerability Description
Digital Alert Systems’ DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, username field of the login page, or via the HTTP host header. The injected content is stored in logs and rendered when viewed in the web application.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Digitalalertsystems | Dasdec Ii Firmware | < 4.1 |
| Digitalalertsystems | Dasdec Ii | - |
| Digitalalertsystems | One-Net Se Firmware | < 4.1 |
| Digitalalertsystems | One-Net Se | - |
| Digitalalertsystems | Dasdec I Firmware | < 4.1 |
| Digitalalertsystems | Dasdec I | - |
| Digitalalertsystems | One-Net Firmware | < 4.1 |
| Digitalalertsystems | One-Net | - |
| Digitalalertsystems | Dasdec Iii Firmware | < 4.1 |
| Digitalalertsystems | Dasdec Iii | - |
Related Weaknesses (CWE)
References
- https://www.digitalalertsystems.com/security-advisoryMitigationVendor Advisory
- https://www.digitalalertsystems.com/security-advisoryMitigationVendor Advisory
FAQ
What is CVE-2019-18265?
CVE-2019-18265 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Digital Alert Systems’ DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username...
How severe is CVE-2019-18265?
CVE-2019-18265 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-18265?
Check the references section above for vendor advisories and patch information. Affected products include: Digitalalertsystems Dasdec Ii Firmware, Digitalalertsystems Dasdec Ii, Digitalalertsystems One-Net Se Firmware, Digitalalertsystems One-Net Se, Digitalalertsystems Dasdec I Firmware.