{"containers":{"cna":{"providerMetadata":{"orgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","shortName":"siemens","dateUpdated":"2024-01-09T09:56:23.099Z"},"descriptions":[{"lang":"en","value":"A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains\nmultiple stored Cross-site Scripting (XSS) vulnerabilities in several input\nfields.\nThis could allow an authenticated remote attacker to inject malicious\nJavaScript code into the CCS web application that is later executed\nin the browser context of any other user who views the relevant CCS\nweb content."}],"affected":[{"vendor":"Siemens","product":"Control Center Server (CCS)","versions":[{"version":"All versions < V1.5.0","status":"affected"}],"defaultStatus":"unknown"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N/E:P/RL:U/RC:C","baseScore":6.3,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-79","description":"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","type":"CWE"}]}],"references":[{"tags":["x_refsource_MISC"],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"},{"tags":["x_refsource_CONFIRM"],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T02:09:39.611Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"}]}]},"cveMetadata":{"assignerOrgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","assignerShortName":"siemens","cveId":"CVE-2019-19294","datePublished":"2020-03-10T19:16:17.000Z","dateReserved":"2019-11-26T00:00:00.000Z","dateUpdated":"2024-08-05T02:09:39.611Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}