CVE-2019-14862

Description

There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.

CVSS Version 3.1
CVSS Version 3.0
CVSS Version 2.0

nvd
CVE ID: CVE-2019-14862
Base Score: 6.1
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8

redhat
CVE ID: CVE-2019-14862
Base Score: 6.1
Base Severity: MEDIUM
Vector String:CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

nvd
CVE ID: CVE-2019-14862
Base Score: 4.3
Base Severity: MEDIUM
Vector String:AV:N/AC:M/Au:N/C:N/I:P/A:N

Content on GitHub

ossf-cve-benchmark | watchers:0

CVE-2019-14862

Refrence: GitHub

Refrence: NVD MITRE

Description​

Content on GitHub​

Description

Content on GitHub