CVE-2020-9524
MEDIUMMicro Focus Enterprise Server and Enterprise Developer - Stored and Reflected Cross-Site Scripting
Title source: llmDescription
Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (stored XSS) or followed a malicious link (reflected XSS).
References (1)
Core 1
Core References
Various Sources x_refsource_misc
https://softwaresupport.softwaregrp.com/doc/KM03640252
Scores
CVSS v3
5.4
EPSS
0.0021
EPSS Percentile
42.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
microfocus/enterprise_developer
5.0 (8 CPE variants)
microfocus/enterprise_server
5.0 (8 CPE variants)
Published
May 18, 2020
Tracked Since
Feb 18, 2026