{"id":"CVE-2019-19394","details":"Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7, 3.12.3, and 3.15.0.","modified":"2026-02-03T07:04:10.492212Z","published":"2020-04-16T19:15:22.510Z","references":[{"type":"ADVISORY","url":"https://cfengine.com/company/blog-detail/cve-2019-19394-mission-portal-javascript-injection-vulnerability/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cfengine/core","events":[{"introduced":"7f5df18819155d786f66f9fb4ca1c5c80d2b1c29"},{"fixed":"156b9adbc31f711fc9ddc8b1d9b63027ea9d0461"},{"introduced":"dc823da05d6790e9f95e3cb75618b51d6273e303"},{"fixed":"60af34434c70c282cd67d4d8d6d4b08231c1d37a"}]}],"versions":["3.10.0","3.10.0-build2","3.10.0-build3","3.10.0-build4","3.10.1","3.10.1-build1","3.10.2","3.10.2-build1","3.10.2a-PTV","3.10.2a-PTV-build1","3.10.3","3.10.3-2-build1","3.10.3-DTV-MP-logging-build1","3.10.3-DTV-MP-logging-build2","3.10.3-WMI-build1","3.10.3-build1","3.10.3-build2","3.10.3-build3","3.10.3-build4","3.10.3-build5","3.10.4","3.10.4-build1","3.10.4-build2","3.10.4-build3","3.10.5","3.10.5-2-build1","3.10.5-2-build2","3.10.5-build1","3.10.5-build2","3.10.5-build3","3.10.5-build4","3.10.5-build5","3.10.6","3.10.6-build1","3.10.6-build2","3.10.6-build3","3.12.0","3.12.0-3756","3.12.0-build4","3.12.0-build5","3.12.0-build6","3.12.1","3.12.1-build1","3.12.1-build2","3.12.1-build3","3.12.1-build4","3.12.2","3.12.2-build1","3.12.2-build2","3.12.3-build1","3.12.3-build2","3.12.3-build3","3.12.3-build4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19394.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}