CyberSec.Space Logo
Back to CVE Browser

CVE-2019-13488

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.0290%
EPSS Percentile22.26th
PublishedJul 10, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A cross-site scripting (XSS) vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend() method is used.

Affected Platforms (CPE)

📦
Trape Project

Trape

<= 2019-05-08

References & Advisories

🔗 https://github.com/jofpin/trape/issues/169
🔗 https://github.com/jofpin/trape/issues/169

Related Vulnerabilities

CVE-2017-177139.8

Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, ...

CVE-2019-134899.8

Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter.

CVE-2017-177146.1

Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /regis...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.