CVE-2020-9524

Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (stored XSS) or followed a malicious link (reflected XSS).

Published: May 18, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-9524
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
microfocus / enterprise_developer	5.0	5.0.x
microfocus / enterprise_server	5.0	5.0.x
microfocus / enterprise_server	5.0-p1	5.0-p1.x
microfocus / enterprise_server	5.0-p2	5.0-p2.x
microfocus / enterprise_server	5.0-p3	5.0-p3.x
microfocus / enterprise_server	5.0-p4	5.0-p4.x
microfocus / enterprise_server	5.0-p5	5.0-p5.x
microfocus / enterprise_server	5.0-p6	5.0-p6.x
microfocus / enterprise_server	5.0-p7	5.0-p7.x
microfocus / enterprise_developer	5.0-p1	5.0-p1.x
microfocus / enterprise_developer	5.0-p2	5.0-p2.x
microfocus / enterprise_developer	5.0-p3	5.0-p3.x
microfocus / enterprise_developer	5.0-p4	5.0-p4.x
microfocus / enterprise_developer	5.0-p5	5.0-p5.x
microfocus / enterprise_developer	5.0-p6	5.0-p6.x
microfocus / enterprise_developer	5.0-p7	5.0-p7.x

https://softwaresupport.softwaregrp.com/doc/KM03640252

Vulnerability Database

289,599

CVE-2020-9524