{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-23T10:14:51.722","vulnerabilities":[{"cve":{"id":"CVE-2019-16414","sourceIdentifier":"cve@mitre.org","published":"2019-09-30T13:15:10.763","lastModified":"2026-06-17T02:22:16.130","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI."},{"lang":"es","value":"Una vulnerabilidad de tipo XSS basado en DOM en GFI Kerio Control versión v9.3.0, permite insertar código malicioso y manipular la página de inicio de sesión para enviar de vuelta las credenciales de la víctima en texto sin cifrar para un atacante por medio de un inicio de un URI sesión/?reason=failure&amp;NTLM=."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gfi:kerio_control:9.3.0:*:*:*:*:*:*:*","matchCriteriaId":"0DAA7D40-BB74-4004-801B-E59600144BA2"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/154678/GFI-Kerio-Control-9.3.0-Cross-Site-Scripting.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Sep/35","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://twitter.com/haxel0rd/status/1174279811751174144","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.youtube.com/watch?v=ZqqR89vzZ_I","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/154678/GFI-Kerio-Control-9.3.0-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Sep/35","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://twitter.com/haxel0rd/status/1174279811751174144","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.youtube.com/watch?v=ZqqR89vzZ_I","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}