{"id":"CVE-2019-11776","details":"In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attacker can execute the payload in victim's browser context.","modified":"2025-11-14T09:05:22.255157Z","published":"2019-08-09T19:15:11.063Z","references":[{"type":"EVIDENCE","url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546816"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse/birt","events":[{"introduced":"0"},{"last_affected":"909d8fc3bc76a6787b1d0b4a2c5dfb578950a875"}]}],"versions":["BIRT","BIRT_2_0_Release_20060123","BIRT_3_7_1_RC1_201108161621","BIRT_3_7_1_RC2_201108292127","BIRT_3_7_1_RC3_201109051820","BIRT_3_7_1_Release_201109131734","BIRT_3_7_2_RC1_201201171144","BIRT_3_7_2_Release_201202141408","BIRT_4_2_0_M6_201203201425","BIRT_4_2_0_M7_201205081131","BIRT_4_2_0_RC1_201205211733","BIRT_4_2_0_RC2_201205281846","BIRT_4_2_0_RC3_201206051006","BIRT_4_2_0_Release_201206131143","BIRT_4_2_1_RC1_201208201733","BIRT_4_2_1_RC2_201209041129","BIRT_4_2_1_RC3_201209111016","BIRT_4_2_1_Release_201209121721","BIRT_4_2_2_RC1_201301142359","BIRT_4_2_2_RC2_201301291123","BIRT_4_2_2_RC3_201302061509","BIRT_4_2_2_Release_201302161152","BIRT_4_3_0_M7_201305071501","BIRT_4_3_0_Release_201306131152","BIRT_4_3_1_RC2_201309031312","BIRT_4_3_1_RC3_201309092207","BIRT_4_3_1_Release_201309181142","BIRT_4_3_2_Release_201402191316","BIRT_4_4_0_RC1_201405211030","BIRT_4_4_0_RC2_201405281057","BIRT_4_4_0_Release_201406111043","BIRT_4_4_1_Release_201409161320","BIRT_4_5_0_RC4_201506092134","BIRT_4_5_0_Release_201506092134","BIRT_4_5_1_Release_201506092134","BIRT_4_6_0_Release_201606072112","BIRT_4_7_0_Release_201706222054","v200705101451","v20110803","v20110815","v20110905","v201110281843","v20120117","v20120213","v20120320","v20120508","v20120521","v20120528","v20120604","v20120611","v20120612","v2012061217","v201208151105","v20120820","v201208211204","v201208231223","v201208281709","v201208290611","v201208290612","v201208291456","v201208291607","v201208301143","v201209041636","v201209060505","v201209060607","v201209060743","v201209061114","v201209061119","v201209071804","v201209081329","v201209101219","v201209101448","v201209101614","v201209101712","v201209111026","v201209111701","v201209121047","v201209121203","v201209121206","v201209121213","v201210101433","v201210111858","v201210121150","v201210121419","v201210270340","v201210270645","v201210291448","v201210311048","v201210311502","v201211070211","v201211121517","v201211201109","v201211211442","v201211221117","v201211261349","v201212061403","v201212061427","v201212061546","v201212131704","v201212171413","v201212171552","v201212191200","v201212191626","v201212201125","v201212211615","v201212241449","v201212271608","v201212311506","v201301041109","v201301041534","v201301051556","v201301071801","v201301091119","v201301091129","v201301101706","v201301141601","v201301141700","v201301141726","v201301142301","v201301151528","v201301151658","v201301161630","v201301161710","v201301181657","v201301211253","v201301211803","v201301221637","v201301240249","v201301241429","v201301281456","v201301281649","v201301281728","v201301291446","v201302011519","v201302011523","v201302011627","v201302041142","v201302051100","v201302051125","v201302051912","v201302161616","v201302211405","v201302221412","v201302221451","v201302221509","v201302221534","v201302222048","v201302251425","v201302251528","v201302251742","v201302261106","v201302261437","v201302261440","v201302271052","v201302271630","v201302281342","v201302281614","v201303010405","v201303010503","v201303011740","v201303041525","v201303041748","v201303042250","v201303111102","v201303111125","v201303121119","v201303151337","v201303151421","v201303151518","v201303151606","v201303261643","v201303270223","v201303271507","v201303281546","v201303291417","v201304021257","v201304031057","v201304031124","v201304050220","v201304081502","v201304091549","v201304100954","v201304161117","v201304161221","v201304161757","v201304170155","v201304171117","v201304190610","v201304191113","v201304191542","v201304231448","v201304231501","v201304231659","v201304241530","v201304251532","v201304251830","v201304281859","v201304300609","v201305021052","v201305021054","v201305021541","v201305021544","v201305030149","v201305031540","v201305061106","v201305061515","v201305061749","v201305061752","v201305061757","v201305061831","v201305071255","v201305071336","v201305071453","v201305090443","v201305101145","v201305101651","v201305101725","v201305140133","v201305151010","v201305151455","v201305160145","v201305161013","v201305161014","v201305161350","v201305161434","v201305161928","v201305171547","v201305171710","v201305172335","v201305180941","v201305201440","v201305201610","v201305210721","v201305210805","v201305221116","v201305221129","v201305221647","v201305231159","v201305231410","v201305231611","v201305241042","v201305241526","v201305290957","v201305291155","v201305291555","v201305311832","v201306031409","v201306031803","v201307151444","v201308301349","v201309021618","v201309021722","v201309031220","v201309031242","v201309081955","v201309091742","v201309131458","v201309161141","v201309171028","v201309222030","v201310240236","v20140211-1400","v201402141300","v201402232139","v201403071303","v201403101002","v201403101018","v201403111256","v201405161656","v201405191524","v201407231134","v201408191527","v201408201117","v201408221743","v201408270928","v201408271729","v201408271734","v201408290142","v201408291544","v201409021130","v201409021142","v201409021149","v201409021541","v201409021703","v201409021814","v201409031011","v201409031132","v201409031434","v201409031625","v201409041008","v201409041153","v201409050910","v201409051015","v201409051029","v201409051448","v201409051502","v201409051517","v201409051615","v201409051758","v201409081055","v201409081527","v201409111043","v201409111614","v201409120017","v201409121334","v201409151154","v201409160530","v201410272105","v201411040904","v201411051741","v201411061701","v201411071527","v201411071655","v201411111557","v201411141154","v201411141524","v201411141525","v201411141709","v201411141714","v201411141718","v201411181219","v201411181632","v201411181634","v201411211514","v201411241121","v201412081016","v201412081440","v201412151637","v201412161149","v201412161714","v201412171515","v201412171534","v201501061437","v201501061718","v201501081649","v201501081716","v201501121620","v201501131656","v201501131705","v201501151615","v201501161203","v201501221215","v201501231018","v201501271725","v201501271729","v201501281238","v201501291107","v201502021415","v201502021420","v201502021426","v201502021803","v201502031235","v201502041715","v201502051523","v201502051720","v201502051740","v201502061103","v201502091702","v201504081806","v201504101704","v201504101734","v201504141336","v201504171023","v201504231733","v201504240905","v201504271033","v201504291002","v201504301608","v201505050958","v201505051415","v201505061331","v201505061401","v201505061438","v201505061555"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11776.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}