CVE-2020-9520
MEDIUMMicro Focus Vibe < 4.0.7 - Stored Cross-Site Scripting
Title source: llmDescription
A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser.
References (2)
Core 2
Core References
Various Sources x_refsource_misc
https://softwaresupport.softwaregrp.com/doc/KM03630475
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Mar/50
Scores
CVSS v3
5.4
EPSS
0.0020
EPSS Percentile
42.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
microfocus/vibe
< 4.0.7
Published
Mar 25, 2020
Tracked Since
Feb 18, 2026