CVE-2019-3911

Summary

Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints.

Affected Software

VendorProductVersion RangeStatus
TenableLabKey Server Community EditionVersions before 18.3.0-61806.763affected

Weaknesses

  • CWE-79: CWE-79 Reflected XSS

ADP Enrichment

CVE Program Container

Additional References

References