CVE-2019-7551

critical

Description

Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app.

References

https://www.bishopfox.com/news/2019/03/cantemo-portal-version-3-8-4-cross-site-scripting/

https://www.bishopfox.com/blog/news-category/advisories/

https://doc.cantemo.com/latest/ReleaseNotes/intro.html#version-3-4-9

https://blog-posts--cantemo.netlify.com/news/2019/03/cantemo-portal-xss-vulnerabilities/

Details

Source: Mitre, NVD

Published: 2019-04-10

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00577