CVE-2019-3562 — MEDIUM (6.1)

Q: How severe is CVE-2019-3562?

CVE-2019-3562 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-3562?

Check the references section above for vendor advisories and patch information. Affected products include: Oculus Oculus Browser.

Vulnerability Description

A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Oculus	Oculus Browser	>= 5.2.7, <= 5.7.11

Related Weaknesses (CWE)

CWE-74 CWE-79

References

https://www.facebook.com/security/advisories/cve-2019-3562Third Party Advisory
https://www.facebook.com/security/advisories/cve-2019-3562Third Party Advisory

FAQ

What is CVE-2019-3562?

CVE-2019-3562 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2....

How severe is CVE-2019-3562?

CVE-2019-3562 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3562?

Check the references section above for vendor advisories and patch information. Affected products include: Oculus Oculus Browser.