CVE-2020-9520 Information

Description

A stored XSS vulnerability was discovered in Micro Focus Vibe affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system attacker controlled JavaScript will execute in the security context of the target user’s browser.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

http://seclists.org/fulldisclosure/2020/Mar/50 https://softwaresupport.softwaregrp.com/doc/KM03630475

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4