CVE-2019-3562
Published Apr 29, 2019
Last updated 5 years ago
Overview
- Description
- A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11.
- Source
- cve-assign@fb.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oculus:oculus_browser:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "91679425-9381-4723-AB36-282A5BDAAB07",
"versionEndIncluding": "5.7.11",
"versionStartIncluding": "5.2.7"
}
],
"operator": "OR"
}
]
}
]