VYPR
Unrated severity · NVD Advisory · Published Dec 17, 2018 · Updated Aug 5, 2024

CVE-2018-19773

Description

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentUser.jsp" has reflected XSS via the GroupId and ConnPoolName parameters.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Reflected XSS in EditCurrentUser.jsp of InfoVista VistaPortal SE 5.1 allows script injection via the GroupId and ConnPoolName parameters.

Vulnerability

A reflected Cross-Site Scripting (XSS) vulnerability exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The issue is in the EditCurrentUser.jsp page, where the GroupId and ConnPoolName parameters are not properly sanitized, allowing injection of arbitrary HTML and JavaScript. [1]

Exploitation

An attacker can craft a malicious URL containing an XSS payload in the GroupId or ConnPoolName parameter. When a victim visits the crafted URL, the payload executes in the context of the vulnerable application. No authentication is required for exploitation. [1]

Impact

Successful exploitation allows an attacker to execute arbitrary JavaScript in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. The attack is limited to the scope of the vulnerable page and the user's session.

Mitigation

As of the publication date (2018-12-17), no official patch has been released. Users should apply input validation and output encoding for the affected parameters, or restrict access to the EditCurrentUser.jsp page. [1]
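
One way to apply the input-validation and output-encoding advice above while no patch is available, written as an added example (not code from InfoVista or from the advisory): it checks requests to EditCurrentUser.jsp against an allowlist for GroupId and ConnPoolName, either in a filtering layer or over existing access logs. The allowlist pattern, the `/portal/` path and the log lines are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Parameters the advisory names for EditCurrentUser.jsp.
AFFECTED_PARAMS = ("GroupId", "ConnPoolName")
# Assumption: legitimate values are short identifiers; adjust to the real format.
ALLOWED_VALUE = re.compile(r"[A-Za-z0-9_.-]{0,64}")
# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_FIELD = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def rejected_params(target):
    """Return the affected parameters whose decoded value fails the allowlist."""
    parts = urlsplit(target)
    path = parts.path.split(";", 1)[0].lower()  # drop a ;jsessionid=... suffix
    if not path.endswith("/editcurrentuser.jsp"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    return [name for name in AFFECTED_PARAMS
            if any(not ALLOWED_VALUE.fullmatch(v) for v in query.get(name, []))]


def encode_for_html(value):
    """Output encoding for a value echoed into HTML text or a quoted attribute."""
    return html.escape(value, quote=True)


def scan_access_log(lines):
    """Return (line number, rejected parameter names) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_FIELD.search(line)
        bad = rejected_params(match.group(1)) if match else []
        if bad:
            hits.append((number, bad))
    return hits


# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Dec/2018:10:00:00 +0000] "GET /portal/EditCurrentUser.jsp?GroupId=12&ConnPoolName=main_pool HTTP/1.1" 200 5120',
    '192.0.2.44 - - [17/Dec/2018:10:00:05 +0000] "GET /portal/EditCurrentUser.jsp?GroupId=12&ConnPoolName=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5188',
    '192.0.2.44 - - [17/Dec/2018:10:00:09 +0000] "GET /portal/Other.jsp?GroupId=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, bad in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: rejected {', '.join(bad)}")
```

Access logs record only the query string, so values submitted in a POST body need the same check in a filter that sees the request body.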

References
  1. Packet Storm

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.
