{"id":"CVE-2019-13274","details":"In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter.","modified":"2026-03-12T22:58:46.514944Z","published":"2019-08-27T17:15:10.367Z","references":[{"type":"ADVISORY","url":"https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.3.28"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-13274.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}