Vulnerability Description
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cantemo | Portal | < 3.2.13 |
Related Weaknesses (CWE)
References
- https://blog-posts--cantemo.netlify.com/news/2019/03/cantemo-portal-xss-vulnerabRelease NotesVendor Advisory
- https://doc.cantemo.com/latest/ReleaseNotes/intro.html#version-3-4-9Release NotesVendor Advisory
- https://www.bishopfox.com/blog/news-category/advisories/Third Party Advisory
- https://www.bishopfox.com/news/2019/03/cantemo-portal-version-3-8-4-cross-site-sExploitThird Party Advisory
- https://blog-posts--cantemo.netlify.com/news/2019/03/cantemo-portal-xss-vulnerabRelease NotesVendor Advisory
- https://doc.cantemo.com/latest/ReleaseNotes/intro.html#version-3-4-9Release NotesVendor Advisory
- https://www.bishopfox.com/blog/news-category/advisories/Third Party Advisory
- https://www.bishopfox.com/news/2019/03/cantemo-portal-version-3-8-4-cross-site-sExploitThird Party Advisory
FAQ
What is CVE-2019-7551?
CVE-2019-7551 is a vulnerability with a CVSS score of 9.0 (CRITICAL). Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could ena...
How severe is CVE-2019-7551?
CVE-2019-7551 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-7551?
Check the references section above for vendor advisories and patch information. Affected products include: Cantemo Portal.