Cross-Site Scripting (XSS) Vulnerability in Intland codeBeamer ALM 9.5 and Earlier: Upload Flash File Feature

CVE-2019-19912 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file.

Learn more about our Web Application Penetration Testing UK.