CVE-2019-11651
MEDIUMMicro Focus Enterprise Developer & Server <3.0-5.0 - XSS
Title source: llmDescription
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests.
References (1)
Core 1
Core References
Various Sources x_refsource_misc
https://softwaresupport.softwaregrp.com/doc/KM03532232
Scores
CVSS v3
6.1
EPSS
0.0024
EPSS Percentile
47.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (4)
microfocus/enterprise_developer
3.0 (20 CPE variants)
microfocus/enterprise_developer
4.0 (12 CPE variants)
microfocus/enterprise_developer
5.0 (2 CPE variants)
microfocus/enterprise_server
3.0 (16 CPE variants)
Published
Oct 02, 2019
Tracked Since
Feb 18, 2026