Home

CVE-2019-16935

Description

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.

Risk Information

Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
1.719

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0Windows
An interactive high-level object-oriented language (USN-4151-1) python2.7_2.7.16-2ubuntu0.2_i386.debLinux
An interactive high-level object-oriented language (USN-4151-1) python2.7_2.7.16-2ubuntu0.2_amd64.debLinux
An interactive high-level object-oriented language (USN-4151-1) python2.7_2.7.12-1ubuntu0~16.04.9_i386.debLinux
An interactive high-level object-oriented language (USN-4151-1) python2.7_2.7.12-1ubuntu0~16.04.9_amd64.debLinux
An interactive high-level object-oriented language (USN-4151-1) python2.7_2.7.15-4ubuntu4~18.04.2_i386.debLinux
An interactive high-level object-oriented language (USN-4151-1) python2.7_2.7.15-4ubuntu4~18.04.2_amd64.debLinux
An interactive high-level object-oriented language (USN-4151-1) python3.5_3.5.2-2ubuntu0~16.04.9_i386.debLinux
An interactive high-level object-oriented language (USN-4151-1) python3.5_3.5.2-2ubuntu0~16.04.9_amd64.debLinux
An interactive high-level object-oriented language (USN-4151-1) python3.6_3.6.8-1~18.04.3_i386.debLinux
An interactive high-level object-oriented language (USN-4151-1) python3.6_3.6.8-1~18.04.3_amd64.debLinux
An interactive high-level object-oriented language (USN-4151-1) python3.7_3.7.3-2ubuntu0.2_i386.debLinux
An interactive high-level object-oriented language (USN-4151-1) python3.7_3.7.3-2ubuntu0.2_amd64.debLinux
An interactive high-level object-oriented language (USN-4151-1) python2.7-minimal_2.7.16-2ubuntu0.2_i386.debLinux
An interactive high-level object-oriented language (USN-4151-1) python2.7-minimal_2.7.16-2ubuntu0.2_amd64.debLinux
An interactive high-level object-oriented language (USN-4151-1) python2.7-minimal_2.7.12-1ubuntu0~16.04.9_i386.debLinux
An interactive high-level object-oriented language (USN-4151-1) python2.7-minimal_2.7.12-1ubuntu0~16.04.9_amd64.debLinux
An interactive high-level object-oriented language (USN-4151-1) python2.7-minimal_2.7.15-4ubuntu4~18.04.2_i386.debLinux
An interactive high-level object-oriented language (USN-4151-1) python2.7-minimal_2.7.15-4ubuntu4~18.04.2_amd64.debLinux
An interactive high-level object-oriented language (USN-4151-1) python3.5-minimal_3.5.2-2ubuntu0~16.04.9_i386.debLinux
An interactive high-level object-oriented language (USN-4151-1) python3.5-minimal_3.5.2-2ubuntu0~16.04.9_amd64.debLinux
An interactive high-level object-oriented language (USN-4151-1) python3.6-minimal_3.6.8-1~18.04.3_i386.debLinux
An interactive high-level object-oriented language (USN-4151-1) python3.6-minimal_3.6.8-1~18.04.3_amd64.debLinux
An interactive high-level object-oriented language (USN-4151-1) python3.7-minimal_3.7.3-2ubuntu0.2_i386.debLinux
An interactive high-level object-oriented language (USN-4151-1) python3.7-minimal_3.7.3-2ubuntu0.2_amd64.debLinux
(RHSA-2020:3911) python security update python-2.7.5-89.el7.x86_64.rpmLinux
(RHSA-2020:3911) python security update python-debug-2.7.5-89.el7.x86_64.rpmLinux
(RHSA-2020:3911) python security update python-devel-2.7.5-89.el7.x86_64.rpmLinux
(RHSA-2020:3911) python security update python-libs-2.7.5-89.el7.i686.rpmLinux
(RHSA-2020:3911) python security update python-libs-2.7.5-89.el7.x86_64.rpmLinux
(RHSA-2020:3911) python security update python-test-2.7.5-89.el7.x86_64.rpmLinux
(RHSA-2020:3911) python security update python-tools-2.7.5-89.el7.x86_64.rpmLinux
(RHSA-2020:3911) python security update tkinter-2.7.5-89.el7.x86_64.rpmLinux
An interactive high-level object-oriented language (USN-6891-1) python3.10_3.10.12-1~22.04.4_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.10_3.10.12-1~22.04.4_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.10-minimal_3.10.12-1~22.04.4_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.10-minimal_3.10.12-1~22.04.4_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.11_3.11.6-3ubuntu0.1_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.11_3.11.6-3ubuntu0.1_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.11-minimal_3.11.6-3ubuntu0.1_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.11-minimal_3.11.6-3ubuntu0.1_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.12_3.12.0-1ubuntu0.1_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.12_3.12.0-1ubuntu0.1_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.12-minimal_3.12.0-1ubuntu0.1_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.12-minimal_3.12.0-1ubuntu0.1_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.8_3.8.10-0ubuntu1~20.04.10_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.8_3.8.10-0ubuntu1~20.04.10_i386.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.8-minimal_3.8.10-0ubuntu1~20.04.10_amd64.debLinux
An interactive high-level object-oriented language (USN-6891-1) python3.8-minimal_3.8.10-0ubuntu1~20.04.10_i386.debLinux
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability (CVE-2019-16935)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234