CVE-2019-16935

Published: Sep 28, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.

Vendor: n/a

Product: n/a

Versions: n/a (affected)

References

USN-4151-1 (vendor-advisory, x_refsource_UBUNTU)
USN-4151-2 (vendor-advisory, x_refsource_UBUNTU)
openSUSE-SU-2019:2389 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2019:2393 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2019:2438 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2019:2453 (vendor-advisory, x_refsource_SUSE)
FEDORA-2019-0d3fcae639 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2019-74ba24605e (vendor-advisory, x_refsource_FEDORA)
FEDORA-2019-b06ec6159b (vendor-advisory, x_refsource_FEDORA)
FEDORA-2019-758824a3ff (vendor-advisory, x_refsource_FEDORA)
FEDORA-2019-d202cda4f8 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2019-57462fa10d (vendor-advisory, x_refsource_FEDORA)
FEDORA-2019-7ec5bb5d22 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2019-a268ba7b23 (vendor-advisory, x_refsource_FEDORA)
openSUSE-SU-2020:0086 (vendor-advisory, x_refsource_SUSE)
