5.4

CVE-2020-9524

Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (stored XSS) or followed a malicious link (reflected XSS).

Data is provided by the National Vulnerability Database (NVD)
MicrofocusEnterprise Developer Version5.0 Update-
MicrofocusEnterprise Developer Version5.0 Updatep1
MicrofocusEnterprise Developer Version5.0 Updatep2
MicrofocusEnterprise Developer Version5.0 Updatep3
MicrofocusEnterprise Developer Version5.0 Updatep4
MicrofocusEnterprise Developer Version5.0 Updatep5
MicrofocusEnterprise Developer Version5.0 Updatep6
MicrofocusEnterprise Developer Version5.0 Updatep7
MicrofocusEnterprise Server Version5.0 Update-
MicrofocusEnterprise Server Version5.0 Updatep1
MicrofocusEnterprise Server Version5.0 Updatep2
MicrofocusEnterprise Server Version5.0 Updatep3
MicrofocusEnterprise Server Version5.0 Updatep4
MicrofocusEnterprise Server Version5.0 Updatep5
MicrofocusEnterprise Server Version5.0 Updatep6
MicrofocusEnterprise Server Version5.0 Updatep7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.21% 0.399
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.4 2.3 2.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.