CVE-2019-13932

CRITICAL

Siemens XHQ < 6.0.0.2 - Unauthenticated Script Import and Malicious Link Generation

Title source: llm

Description

A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated. A successful attack could allow the import of scripts or generation of malicious links. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf

Scores

CVSS v3 9.1

EPSS 0.0037

EPSS Percentile 58.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-20

Status published

Products (1)

siemens/xhq < 6.0.0.2

Published Dec 12, 2019

Tracked Since Feb 18, 2026