vulnerability
Arch Linux: Cross-site scripting (CVE-2019-10383)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Aug 28, 2019 | Jul 11, 2025 | Nov 27, 2025 |
Severity
3
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Aug 28, 2019
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
Jenkins did not properly escape the update site URL in some status messages shown in the update center, resulting in a stored cross-site scripting vulnerability that is exploitable by administrators and affects other administrators.
Solution
arch-linux-upgrade-latest
References
- CVE-2019-10383
- https://attackerkb.com/topics/CVE-2019-10383
- URL-http://www.openwall.com/lists/oss-security/2019/08/28/4
- URL-https://access.redhat.com/errata/RHSA-2019:2789
- URL-https://access.redhat.com/errata/RHSA-2019:3144
- URL-https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1453
- URL-https://security.archlinux.org/ASA-201908-22
- URL-https://www.oracle.com/security-alerts/cpuapr2022.html
- CWE-79
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.