CVE-2019-6180
CVE-2019-6180 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself. EPSS estimates a 0.65% chance of exploitation in the next 30 days.
Description
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | XClarity Administrator | < 2.5.0 |
References
- https://support.lenovo.com/solutions/LEN-27805 (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
