A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-04T19:19:18.663Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3826

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-03-26T18:29:00.623

Modified: 2024-11-21T04:42:37.547

Link: CVE-2019-3826

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-01-31T00:00:00Z

Links: CVE-2019-3826 - Bugzilla

cve-icon OpenCVE Enrichment

No data.