
CVE-2019-13235:
XSS in login form

CVSS Score
6.1

Basic Information

EPSS Score
-
Published
11/12/2019
Updated
1/9/2023
KEV Status
No
Technology
Java

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name
org.opencms:opencms-core
Ecosystem
maven
Vulnerable Versions
< 11.0.1
First Patched Version
11.0.1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

No patch diff is available for this CVE, so the analysis is inferred from the vulnerability class. A reflected XSS in a login form points to two cooperating defects: (1) request-handling code that accepts user-supplied parameters without validating them, and (2) output code that writes those values back into the page without HTML escaping. In a Java web application the login form handler and the JSP rendering layer are the most probable locations. Confidence is medium: there is no direct patch evidence, but the pattern matches how XSS in login forms typically arises.
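To make the two-defect pattern concrete, the following is an added example written for this page; it is hypothetical code, not OpenCms or Apollo template source. It assumes a login form that echoes two request parameters, `username` and `redirect`, back into the HTML, and shows the unescaped concatenation beside a hardened version that HTML-encodes every user-controlled value and restricts the redirect target to a local path.

```java
import java.util.Map;

/**
 * Added illustration of reflected XSS in a login form (hypothetical code,
 * not OpenCms or Apollo template source). The parameter names "username"
 * and "redirect" are assumptions chosen for the demo.
 */
public class LoginFormXssDemo {

    // Vulnerable pattern: user-controlled values are concatenated straight
    // into the markup, so a quote and angle bracket in the parameter break
    // out of the attribute and become live HTML.
    static String renderVulnerable(Map<String, String> params) {
        String user = params.getOrDefault("username", "");
        String target = params.getOrDefault("redirect", "/");
        return "<form method=\"post\" action=\"/login\">"
             + "<input name=\"username\" value=\"" + user + "\">"
             + "<input type=\"hidden\" name=\"redirect\" value=\"" + target + "\">"
             + "<input type=\"password\" name=\"password\">"
             + "<button>Log in</button></form>";
    }

    // Hardened pattern: every user-controlled value is HTML-encoded before it
    // reaches the output, and the redirect target is validated as a local path
    // so the hidden field cannot be turned into an off-site redirect either.
    static String renderHardened(Map<String, String> params) {
        String user = escapeHtml(params.getOrDefault("username", ""));
        String target = params.getOrDefault("redirect", "/");
        if (!isLocalPath(target)) {
            target = "/";
        }
        return "<form method=\"post\" action=\"/login\">"
             + "<input name=\"username\" value=\"" + user + "\">"
             + "<input type=\"hidden\" name=\"redirect\" value=\"" + escapeHtml(target) + "\">"
             + "<input type=\"password\" name=\"password\">"
             + "<button>Log in</button></form>";
    }

    // Minimal encoder for the characters that break out of an element or a
    // quoted attribute. In a real project use the OWASP Java Encoder or the
    // JSTL <c:out> tag / fn:escapeXml rather than a hand-rolled switch.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Accept only a same-site path: one leading "/", no scheme, no "//",
    // no backslash (browsers normalise "\" to "/" in some contexts).
    static boolean isLocalPath(String p) {
        return p.startsWith("/") && !p.startsWith("//")
            && !p.contains(":") && !p.contains("\\");
    }

    public static void main(String[] args) {
        // Constructed payload: closes the value attribute, then injects script.
        String payload = "\"><script>alert(document.cookie)</script>";
        Map<String, String> params = Map.of("username", payload, "redirect", "/");

        String vuln = renderVulnerable(params);
        String safe = renderHardened(params);

        // The same check a tester runs against a live page: does the probe
        // string come back as raw markup, or encoded?
        System.out.println("vulnerable reflects raw <script>: " + vuln.contains("<script>"));
        System.out.println("hardened reflects raw <script>:   " + safe.contains("<script>"));
        System.out.println(safe);
    }
}
```

Run it with `java LoginFormXssDemo.java` (Java 11 or later). The vulnerable render prints `true` and the hardened one `false`; in the hardened output the payload survives only as `&quot;&gt;&lt;script&gt;...`, which the browser shows as text inside the attribute. The `contains("<script>")` check is the same test to apply to a real login page: submit a harmless marker in each parameter and confirm it is reflected encoded, not as markup.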


WAF Protection Rules

WAF Rule

In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
