CVE-2018-13825
MEDIUMBroadcom Project Portfolio Management < 14.3 - XSS
Title source: ruleDescription
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105297
Patch, Vendor Advisory x_refsource_confirm
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html
Scores
CVSS v3
6.1
EPSS
0.0024
EPSS Percentile
46.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (5)
broadcom/project_portfolio_management
14.4
broadcom/project_portfolio_management
15.1
broadcom/project_portfolio_management
< 14.3
ca/project_portfolio_management
15.2 cp5
ca/project_portfolio_management
15.3 cp2
Published
Aug 30, 2018
Tracked Since
Feb 18, 2026