CVE-2019-13234: XSS in search engine

CVSS Score
6.1 (CVSS 3.0)

Basic Information

EPSS Score
0.83009%
Published
11/12/2019
Updated
1/9/2023
KEV Status
No
Technology
Java

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name
org.opencms:opencms-core
Ecosystem
maven
Vulnerable Versions
< 11.0.1
First Patched Version
11.0.1

Vulnerability Intelligence
Root Cause Analysis

The provided commit history from the alkacon/apollo-template repository shows no security-related changes to search functionality or XSS mitigation. The vulnerability exists in opencms-core (not apollo-template), but no actual code changes or patch details are provided for the core module. While XSS vulnerabilities typically involve input handling and output encoding functions, the lack of specific code modifications in the provided materials prevents confident identification of exact vulnerable functions. The GHSA references suggest the search engine component is involved, but without seeing the patched code differences in org.opencms:opencms-core, we cannot reliably map this to specific runtime-detectable functions.

WAF Protection Rules

WAF Rule

In the Alkacon OpenCms Apollo Template **.*.* and **.*.*, there is XSS in the search engine.