CVE-2019-3562

Summary

A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11.

Affected Software

VendorProductVersion RangeStatus
OculusOculus Browser5.7.11affected
OculusOculus Browser5.2.7 < unspecifiedaffected
OculusOculus Browserunspecified < 5.2.7unaffected

Weaknesses

  • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (CWE-74)

ADP Enrichment

CVE Program Container

Additional References

References