{"id":"CVE-2019-14804","details":"studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing.","modified":"2026-04-10T04:12:33.559390Z","published":"2019-08-09T14:15:11.943Z","references":[{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/154018/UNA-10.0.0-RC1-Cross-Site-Scripting.html"},{"type":"ADVISORY","url":"https://github.com/unaio/una/commits/master/studio"},{"type":"ADVISORY","url":"https://pastebin.com/iMfs1BsM"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/unaio/una","events":[{"introduced":"0"},{"last_affected":"9266e18a2b48d0a8a6a6aba543ded77dddf0126b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"10.0.0-rc1"}]}}],"versions":["10.0.0-B1","10.0.0-B2","10.0.0-RC1","8.0.0-A","8.0.0-A10","8.0.0-A11","8.0.0-A2","8.0.0-A4","8.0.0-A6","8.0.0-A8","8.0.0-A9","8.0.0-B1","8.0.0-B2","9.0.0-B2","9.0.0-B4","9.0.0-RC2","9.0.0-RC4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14804.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}]}