1. Home
  2. CVE Database
  3. CVE-2019-25265
MEDIUM · 6.4

CVE-2019-25265

Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the...

Vulnerability Description

Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie theft and client-side script execution.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2019-25265?

CVE-2019-25265 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the...

How severe is CVE-2019-25265?

CVE-2019-25265 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-25265?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.