{"id":"CVE-2019-20378","details":"ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.","modified":"2026-03-14T09:36:54.693329Z","published":"2020-01-11T03:15:10.730Z","related":["SUSE-SU-2022:3895-1","SUSE-SU-2022:4243-1","SUSE-SU-2022:4244-1","openSUSE-SU-2024:12462-1"],"references":[{"type":"EVIDENCE","url":"https://github.com/ganglia/ganglia-web/issues/351"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ganglia/ganglia-web","events":[{"introduced":"0"},{"last_affected":"d4bbe11434cbbfe5941ab785486dc7244f75a247"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.7.5"}]}}],"versions":["-","3.3.0","3.3.0-1","3.3.0-2","3.3.0-3","3.3.0-4","3.3.1-1","3.3.1-2","3.3.1-3","3.3.1-4","3.3.2-1","3.3.2-2","3.3.2-3","3.3.4","3.3.5","3.3.6-1","3.4.0","3.4.1","3.4.2","3.5.0","3.5.1","3.5.10","3.5.11","3.5.12","3.5.2","3.5.3","3.5.4","3.5.6","3.5.7","3.5.8","3.5.9","3.6.0","3.6.2","3.7.0","3.7.1","3.7.2","3.7.3","3.7.4","3.7.5","4.0.0","monitor-core/3.3.0","monitor-core/3.3.1","monitor-core/3.3.2","monitor-core/3.3.3","monitor-core/3.3.4","monitor-core/3.3.5","monitor-core/3.3.6","monitor-core/3.3.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20378.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}