A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.
References
Configurations
History
07 Nov 2023, 03:10
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-03-26 18:29
Updated : 2024-02-28 17:08
NVD link : CVE-2019-3826
Mitre link : CVE-2019-3826
CVE.ORG link : CVE-2019-3826
JSON object : View
Products Affected
prometheus
- prometheus
redhat
- openshift_container_platform
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')