Unrated severityNVD Advisory· Published Jan 28, 2020· Updated Aug 4, 2024

CVE-2019-10779

Description

All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS vulnerability to take full control of the Stroom UI on behalf of the logged-in user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

stroom/stroom-appdescription
stroom/stroom-appllm-create
Range: <5.5.12, <6.0.25

Patches

Vulnerability mechanics

References

snyk.io/vuln/SNYK-JAVA-STROOM-541182mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000