{"id":"CVE-2019-1010008","details":"OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed mal. code). The component is: Javascript code execution in \"Name\", \"Location\", \"Bio\" and \"Starting Page\" fields in the \"My Account\" page. File: Lib/listjs/list.js, line 67. The attack vector is: unknown, victim must open profile page if persistent was possible.","modified":"2026-04-10T04:14:03.415843Z","published":"2019-07-15T02:15:10.433Z","references":[{"type":"EVIDENCE","url":"https://github.com/emoncms/emoncms/issues/763"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/emoncms/emoncms","events":[{"introduced":"0"},{"last_affected":"61df1fc5c53ec2b91279c3b6f11a7ffbe0b5b91c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.8.8"}]}}],"versions":["8.0","8.0.1","8.0.2","8.0.3","8.0.4","8.0.5","8.0.6","8.0.7","8.0.8","8.0.9","8.1.0","8.1.1","8.1.2","8.2","8.2.1","8.2.3","8.2.5","8.2.6","8.2.7","8.3.0","8.3.1","8.5.2","9.4","9.8.3","9.8.4","9.8.7","9.8.8","debian/8.0-1","v5.0","v6.0","v6.9","v7.0","v8.3.2","v8.3.3","v8.3.4","v8.3.6","v8.4.0","v9.3","v9.4","v9.5","v9.5.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010008.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}