Vulnerability Description
Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a user’s browser session in context of an affected site.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Primasystems | Flexair | <= 2.3.38 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/155274/Prima-Access-Control-2.3.35-Cross-SiExploitThird Party AdvisoryVDB Entry
- https://applied-risk.com/index.php/download_file/view/199/165Broken Link
- https://applied-risk.com/labs/advisoriesNot ApplicableThird Party Advisory
- https://applied-risk.com/resources/ar-2019-007Third Party Advisory
- https://www.us-cert.gov/ics/advisories/icsa-19-211-02Third Party AdvisoryUS Government Resource
- http://packetstormsecurity.com/files/155274/Prima-Access-Control-2.3.35-Cross-SiExploitThird Party AdvisoryVDB Entry
- https://applied-risk.com/index.php/download_file/view/199/165Broken Link
- https://applied-risk.com/labs/advisoriesNot ApplicableThird Party Advisory
- https://applied-risk.com/resources/ar-2019-007Third Party Advisory
- https://www.us-cert.gov/ics/advisories/icsa-19-211-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-7671?
CVE-2019-7671 is a vulnerability with a CVSS score of 9.0 (CRITICAL). Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a us...
How severe is CVE-2019-7671?
CVE-2019-7671 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-7671?
Check the references section above for vendor advisories and patch information. Affected products include: Primasystems Flexair.