CVE-2018-13825

MEDIUM

Broadcom Project Portfolio Management < 14.3 - XSS

Title source: rule

Description

Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105297

[Patch, Vendor Advisory] https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html

Scores

CVSS v3 6.1

EPSS 0.0024

EPSS Percentile 46.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (5)

broadcom/project_portfolio_management < 14.3

broadcom/project_portfolio_management

ca/project_portfolio_management

Timeline

Published Aug 30, 2018

Tracked Since Feb 18, 2026