CVE-2018-6495

Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microfocus:universal_cmdb:0.20:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb:10.21:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb:10.22:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb:10.30:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb:10.31:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb:10.32:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb:10.33:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb:11.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:microfocus:universal_cmdb_browser:4.10:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb_browser:4.11:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb_browser:4.12:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb_browser:4.13:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb_browser:4.14:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:universal_cmdb_browser:4.15.1:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:microfocus:cms_server:4.10:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:cms_server:4.11:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:cms_server:4.12:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:cms_server:4.13:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:cms_server:4.14:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:cms_server:4.15.1:*:*:*:*:*:*:*

History

07 Nov 2023, 02:59

Type Values Removed Values Added
References (SECTRACK) http://www.securitytracker.com/id/1040970 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1040970 -
References (CONFIRM) https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03164778 - Vendor Advisory () https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03164778 -

Information

Published : 2018-05-23 18:29

Updated : 2024-02-28 16:25


NVD link : CVE-2018-6495

Mitre link : CVE-2018-6495

CVE.ORG link : CVE-2018-6495


JSON object : View

Products Affected

microfocus

  • universal_cmdb
  • universal_cmdb_browser
  • cms_server
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')