{"id":"CVE-2019-11274","details":"Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute.","modified":"2026-03-14T09:31:55.424812Z","published":"2019-08-09T20:15:11.207Z","references":[{"type":"ADVISORY","url":"https://www.cloudfoundry.org/blog/cve-2019-11274"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudfoundry/uaa","events":[{"introduced":"0"},{"fixed":"4bde45b99b1a8b866a446a9546af24336c21820f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"74.0.0"}]}}],"versions":["1.0.1","1.0.2","1.0.3","1.1","1.1.1","1.1.2","1.10","1.11","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.3.1","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.5.0","1.5.2","1.5.2.1","1.5.3","1.5.4","1.5.4.1","1.6.0","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.7.0","1.7.1","1.7.2","1.8.0","1.8.1","1.8.2","1.8.3","1.9.0","1.9.1","2.0.0","2.0.1","2.0.2","2.0.3","2.1.0","2.2.0","2.2.4","2.2.4.1","2.2.5","2.2.6","2.3.0","2.3.1","2.3.1.1","2.4.0","2.4.1","2.5.0","2.5.1","2.5.2","2.6.0","2.6.1","2.6.2","2.7.0","2.7.0.1","2.7.0.2","2.7.0.3","2.7.1","2.7.2","2.7.3","3.0.0","3.0.1","3.1.0","3.10.0","3.11.0","3.12.0","3.13.0","3.14.0","3.15.0","3.16.0","3.2.0","3.2.1","3.3.0","3.3.0.1","3.4.0","3.4.1","3.4.2","3.5.0","3.6.0","3.7.0","3.7.1","3.7.2","3.7.3","3.7.4","3.8.0","3.9.0","3.9.1","3.9.2","3.9.3","4.0.0","4.1.0","4.10.0","4.11.0","4.12.0","4.12.1","4.13.0","4.13.1","4.13.2","4.13.3","4.13.4","4.14.0","4.15.0","4.16.0","4.17.0","4.18.0","4.19.0","4.2.0","4.20.0","4.21.0","4.22.0","4.23.0","4.24.0","4.25.0","4.26.0","4.27.0","4.28.0","4.29.0","4.3.0","4.30.0","4.31.0","4.35.0","4.4.0","4.5.0","4.6.0","4.6.1","4.7.0","4.7.1","4.7.2","4.8.0","4.8.1","4.8.2","4.8.3","4.9.0","lenient_hybrid_flow","releases/4.15.0","travis-success-1475","travis-success-1478","travis-success-1497","v73.7.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11274.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}