CVE-2020-11838
MEDIUMMicro Focus ArcSight Management Center 2.6.1, 2.7.x, 2.8.x, < 2.9.4 - Cross-Site Scripting
Title source: llmDescription
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure.
References (1)
Core 1
Core References
Various Sources x_refsource_misc
https://softwaresupport.softwaregrp.com/doc/KM03650893
Scores
CVSS v3
5.4
EPSS
0.0021
EPSS Percentile
42.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
microfocus/arcsight_management_center
2.6.1
microfocus/arcsight_management_center
2.7.0 - 2.9.4
Published
Jun 16, 2020
Tracked Since
Feb 18, 2026