CVE-2020-9517
MEDIUMMicro Focus Service Manager Release Control <9.51 - XSS
Title source: llmDescription
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks.
References (1)
Core 1
Core References
Various Sources x_refsource_confirm
https://softwaresupport.softwaregrp.com/doc/KM03604692
Scores
CVSS v3
5.4
EPSS
0.0015
EPSS Percentile
35.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-1021
Status
published
Products (2)
microfocus/service_manager
9.50
microfocus/service_manager
9.60
Published
Mar 09, 2020
Tracked Since
Feb 18, 2026