{"id":"CVE-2019-5926","details":"Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.","modified":"2026-03-14T01:31:16.986996Z","published":"2019-03-27T14:29:01.797Z","references":[{"type":"ADVISORY","url":"https://github.com/KinagaCMS/KinagaCMS"},{"type":"ADVISORY","url":"https://jvn.jp/en/jp/JVN06527859/index.html"},{"type":"ADVISORY","url":"https://xn--5rwx17a.xn--v8jtdudb.com/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kinagacms/kinagacms","events":[{"introduced":"0"},{"fixed":"0f684b18bbc0071d0e99d2ed33ce0413526cc21f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.5"}]}}],"versions":["5","6.0","6.0.1","6.0.10","6.0.11","6.0.12","6.0.13","6.0.15","6.0.16","6.0.17","6.0.18","6.0.19","6.0.2","6.0.20","6.0.21","6.0.22","6.0.23","6.0.24","6.0.25","6.0.3","6.0.4","6.0.5","6.0.50","6.0.51","6.0.52","6.0.53","6.0.54","6.0.6","6.0.7","6.0.8","6.0.9","6.1.0","6.1.1","6.1.2","6.1.3","6.1.4","6.1.5","6.1.6","6.2","6.2.1","6.2.2","6.2.3","6.2.5","6.2.6","6.2.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-5926.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}