{"id":"CVE-2019-6804","details":"An XSS issue was discovered on the Job Edit page in Rundeck Community Edition before 3.0.13, related to assets/javascripts/workflowStepEditorKO.js and views/execution/_wfitemEdit.gsp.","aliases":["GHSA-4262-wr7p-gpcj"],"modified":"2026-04-11T21:03:19.793621Z","published":"2019-01-25T05:29:00.950Z","references":[{"type":"ADVISORY","url":"https://docs.rundeck.com/docs/history/version-3.0.13.html"},{"type":"ADVISORY","url":"https://github.com/rundeck/rundeck/issues/4406"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/46251/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rundeck/rundeck","events":[{"introduced":"0"},{"fixed":"dcc2589f4c5d354fb1dc8c4ebc04d9d95e0a9d97"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"3.0.13"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:pagerduty:rundeck:*:*:*:*:community:*:*:*"}}],"versions":["v1.1","v1.1-docs1","v1.3","v1.4","v1.4.0","v1.4.0.1","v1.4.1","v1.4.3","v1.4.4","v1.5","v1.5-01","v1.5-02","v1.5-03","v1.5-1","v1.5-rc1","v1.5-rc2","v1.5.1","v1.5.2","v1.5.3","v1.6.0","v1.6.0-rc1","v1.6.0-rc2","v1.6.0-rc3","v2.0.1","v2.0.2","v2.0.3","v2.1.0","v2.1.1","v2.1.2","v2.10.0","v2.10.1","v2.10.2","v2.10.3","v2.10.4","v2.10.5","v2.10.6","v2.10.7","v2.10.8","v2.11.0","v2.11.1","v2.2.0","v2.2.1","v2.2.2","v2.2.3","v2.3.0","v2.3.1","v2.3.2","v2.4.0","v2.5.0","v2.5.1","v2.6.0","v2.6.1","v2.6.2","v2.6.3","v2.6.4","v2.6.5","v2.6.6","v2.6.7","v2.6.8","v2.7.0","v2.7.1","v2.7.2","v2.7.3","v2.8.0","v2.8.1","v2.8.2","v2.8.3","v2.8.4","v2.9.0","v2.9.1","v2.9.2","v2.9.3","v2.9.4","v3.0.0","v3.0.0-alpha1","v3.0.0-alpha1-2","v3.0.0-alpha2","v3.0.0-alpha4","v3.0.0-beta1","v3.0.11","v3.0.6","v3.0.7","v3.0.8","v3.0.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-6804.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}