vulnerability

Alpine Linux: CVE-2019-13122: Cross-site Scripting

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jul 10, 2019

Added

Aug 22, 2024

Modified

Mar 25, 2026

Description

A Cross Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. This allows an attacker to insert JavaScript or HTML into the patch detail page via an email sent to a mailing list consumed by Patchwork. This affects the function msgid in templatetags/patch.py. Patchwork versions v2.1.4 and v2.0.4 will contain the fix.

Solution

alpine-linux-upgrade-patchwork

References

CVE-2019-13122
https://attackerkb.com/topics/CVE-2019-13122
https://security.alpinelinux.org/vuln/CVE-2019-13122
https://euvd.enisa.europa.eu/vulnerability/EUVD-2019-4659
CWE-79
EUVD-EUVD-2019-4659

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report