CVE-2019-6180

MEDIUM

Lenovo XClarity Administrator < 2.5.0 - Stored Cross-Site Scripting

Title source: llm
STIX 2.1

Description

A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://support.lenovo.com/solutions/LEN-27805

Scores

CVSS v3 4.8
EPSS 0.0023
EPSS Percentile 45.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
lenovo/xclarity_administrator < 2.5.0
Published Sep 03, 2019
Tracked Since Feb 18, 2026