{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "3.10.0"
              },
              {
                "fixed": "3.10.7"
              },
              {
                "introduced": "3.12.0"
              },
              {
                "fixed": "3.12.3"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "3.7"
              }
            ]
          },
          "events": [
            {
              "introduced": "dc823da05d6790e9f95e3cb75618b51d6273e303"
            },
            {
              "fixed": "60af34434c70c282cd67d4d8d6d4b08231c1d37a"
            },
            {
              "introduced": "7f5df18819155d786f66f9fb4ca1c5c80d2b1c29"
            },
            {
              "fixed": "156b9adbc31f711fc9ddc8b1d9b63027ea9d0461"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "7dedbc5a80fe244d77393c6477f00640dd26608d"
            }
          ],
          "repo": "https://github.com/cfengine/core",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "Northern.tech CFEngine Enterprise is vulnerable to cross-site scripting (XSS) in versions before 3.10.7, all 3.11.x versions, 3.12.x versions before 3.12.3, and all 3.13.x and 3.14.x versions. This is fixed in 3.10.7, 3.12.3, and 3.15.0.",
  "id": "CVE-2019-19394",
  "modified": "2026-03-13T21:49:51.898074164Z",
  "published": "2020-04-16T19:15:22.510Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://cfengine.com/company/blog-detail/cve-2019-19394-mission-portal-javascript-injection-vulnerability/"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}