VYPR
Moderate severityOSV Advisory· Published Mar 26, 2019· Updated Aug 4, 2024

CVE-2019-3826

CVE-2019-3826

Description

A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/prometheus/prometheusGo
< 2.7.12.7.1

Affected products

635

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.