CVE-2019-18652

MEDIUM

WatchGuard XMT515 <12.1.3 - XSS

Title source: llm

Description

A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362).

Exploits (1)

gitlab WORKING POC

by crypt0crc · poc

https://gitlab.com/crypt0crc/cve-2019-18652

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://gitlab.com/crypt0crc/cve-2019-18652

Scores

CVSS v3 6.1

EPSS 0.0031

EPSS Percentile 54.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

watchguard/xmt515_firmware < 12.3

Published Jan 07, 2020

Tracked Since Feb 18, 2026