Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2019-10085

In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2019-10085
  • Apache » Allura » Version: 1.0.0
    cpe:2.3:a:apache:allura:1.0.0
  • Apache » Allura » Version: 1.0.1
    cpe:2.3:a:apache:allura:1.0.1
  • Apache » Allura » Version: 1.1.0
    cpe:2.3:a:apache:allura:1.1.0
  • Apache » Allura » Version: 1.10.0
    cpe:2.3:a:apache:allura:1.10.0
  • Apache » Allura » Version: 1.2.0
    cpe:2.3:a:apache:allura:1.2.0
  • Apache » Allura » Version: 1.2.1
    cpe:2.3:a:apache:allura:1.2.1
  • Apache » Allura » Version: 1.3.0
    cpe:2.3:a:apache:allura:1.3.0
  • Apache » Allura » Version: 1.3.1
    cpe:2.3:a:apache:allura:1.3.1
  • Apache » Allura » Version: 1.3.2
    cpe:2.3:a:apache:allura:1.3.2
  • Apache » Allura » Version: 1.4.0
    cpe:2.3:a:apache:allura:1.4.0
  • Apache » Allura » Version: 1.5.0
    cpe:2.3:a:apache:allura:1.5.0
  • Apache » Allura » Version: 1.6.0
    cpe:2.3:a:apache:allura:1.6.0
  • Apache » Allura » Version: 1.7.0
    cpe:2.3:a:apache:allura:1.7.0
  • Apache » Allura » Version: 1.8.0
    cpe:2.3:a:apache:allura:1.8.0
  • Apache » Allura » Version: 1.8.1
    cpe:2.3:a:apache:allura:1.8.1
  • Apache » Allura » Version: 1.9.0
    cpe:2.3:a:apache:allura:1.9.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved