CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-1000024

OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The "id" and "operation" GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response that can result in Cross-site scripting.This attack appear to be exploitable via network connectivity.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.0%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://inf0seq.github.io/cve/2019/01/20/Cross-site-scripting-%28XSS%29-in-OPTOSS-Next-Gen-Network-Management-System-%28NG-NetMS%29.html
https://sourceforge.net/projects/ngnms/
https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
https://inf0seq.github.io/cve/2019/01/20/Cross-site-scripting-%28XSS%29-in-OPTOSS-Next-Gen-Network-Management-System-%28NG-NetMS%29.html
https://sourceforge.net/projects/ngnms/
https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29

Products affected by CVE-2019-1000024

Opt-Net » Ng-Netms » Version: 3.3

cpe:2.3:a:opt-net:ng-netms:3.3
Opt-Net » Ng-Netms » Version: 3.5

cpe:2.3:a:opt-net:ng-netms:3.5
Opt-Net » Ng-Netms » Version: 3.6-2

cpe:2.3:a:opt-net:ng-netms:3.6-2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1000024

Products

Pricing

Contact Us