Vulnerability Details CVE-2019-14652
explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explorer) v2 alpha before 2019-08-02 allows XSS in certain circumstances.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.8%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://github.com/awslabs/aws-js-s3-explorer/commit/7be671e858601455d6969e445d21a911632d6c94
- https://github.com/awslabs/aws-js-s3-explorer/commit/87efa7d6885c4a9d8473ec5893adf8e4922a8a89
- https://github.com/awslabs/aws-js-s3-explorer/pull/62
- https://github.com/awslabs/aws-js-s3-explorer/commit/7be671e858601455d6969e445d21a911632d6c94
- https://github.com/awslabs/aws-js-s3-explorer/commit/87efa7d6885c4a9d8473ec5893adf8e4922a8a89
- https://github.com/awslabs/aws-js-s3-explorer/pull/62
Products affected by CVE-2019-14652
-
cpe:2.3:a:amazon:aws_javascript_s3_explorer:1.0.0