CVE-2018-7681

Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
microfocusCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
microfocussolutions_business_manager
𝑥
< 11.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm
http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm