CVE-2018-7681
MEDIUMMicro Focus Solutions Business Manager < 11.4 - Stored Cross-Site Scripting via Favorites Folder URL
Title source: llmDescription
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.
References (1)
Core 1
Core References
Various Sources x_refsource_confirm
http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm
Scores
CVSS v3
4.8
EPSS
0.0021
EPSS Percentile
43.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
microfocus/solutions_business_manager
< 11.4
Published
Jun 21, 2018
Tracked Since
Feb 18, 2026