CVE-2019-3490

Summary

A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support.

Affected Software

VendorProductVersion RangeStatus
OESNetstorage component of Open Enterprise ServerOES2015SP1affected
OESNetstorage component of Open Enterprise ServerOES2018affected
OESNetstorage component of Open Enterprise Serverand OES2018SP1affected

Weaknesses

  • DOM based XSS

ADP Enrichment

CVE Program Container

Additional References

References