CVE-2019-1010113: Cross-site scripting in CLEditor

CVSS Score: 6.1 (CVSS 3.0)

Basic Information

EPSS Score: 0.47285%
Published: 7/26/2019
Updated: 2/1/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name: CLEditor
Ecosystem: nuget
Vulnerable Versions: <= 1.4.5
First Patched Version: (none listed)

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability manifests in href attribute handling within the jQuery plugin component. While exact function names aren't provided in available resources, XSS occurs when unsanitized user-controlled input is directly inserted into href attributes. This typically happens in link insertion/editing functions that lack proper URI scheme validation (e.g., allowing 'javascript:' URIs). The medium confidence reflects the lack of direct code references, but the attack vector and component information strongly suggest improper input handling in link-related functions.
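
The URI scheme validation described above can be sketched as follows. This is an added example, not CLEditor's code or Miggo's; `sanitizeHref`, `buildAnchor`, `escapeHtml`, the scheme allowlist and the `editor.invalid` base URL are all hypothetical names and values chosen for illustration.

```javascript
// Added illustration; not CLEditor code. All names here are hypothetical.
// Allowlist of schemes a link dialog may emit; everything else is rejected.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Returns a normalized absolute href that is safe to place in an <a>, or null.
// `base` should be the page's own URL so relative links resolve as in the browser.
function sanitizeHref(raw, base = "https://editor.invalid/") {
  if (typeof raw !== "string") return null;
  let url;
  try {
    // The WHATWG URL parser applies the browser's rules: it strips leading
    // whitespace, removes tab/CR/LF, and lowercases the scheme, so inputs such
    // as " JaVa\nScRiPt:..." are seen as the javascript: scheme here too.
    url = new URL(raw, base);
  } catch {
    return null; // unparseable input is never turned into a link
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Escape text for use in HTML content or a quoted attribute value.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Build link markup; a rejected href degrades to plain escaped text.
function buildAnchor(rawHref, text) {
  const href = sanitizeHref(rawHref);
  if (href === null) return escapeHtml(text);
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}

// Constructed sample inputs.
console.log(buildAnchor("https://example.com/", "a<b"));
console.log(buildAnchor("javascript:alert(1)", "click"));
```

Checking the parsed `protocol` rather than matching the raw string with a prefix test or regular expression is what closes the whitespace and mixed-case variants.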

WAF Protection Rules

WAF Rule

Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the v
