CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
72.6%
Cross-site scripting (XSS) vulnerability in the WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Vendor | Product | Version | CPE |
---|---|---|---|
f-secure | policy_manager | 7.00 | cpe:2.3:a:f-secure:policy_manager:7.00:*:windows:*:*:*:*:* |
f-secure | policy_manager | 8.00 | cpe:2.3:a:f-secure:policy_manager:8.00:hotfix1:windows:*:*:*:*:* |
f-secure | policy_manager | 8.10 | cpe:2.3:a:f-secure:policy_manager:8.10:hotfix1:windows:*:*:*:*:* |
f-secure | policy_manager | 8.10 | cpe:2.3:a:f-secure:policy_manager:8.10:hotfix2:windows:*:*:*:*:* |
f-secure | policy_manager | 8.11 | cpe:2.3:a:f-secure:policy_manager:8.11:hotfix1:windows:*:*:*:*:* |
f-secure | policy_manager | 8.11 | cpe:2.3:a:f-secure:policy_manager:8.11:hotfix2:windows:*:*:*:*:* |
f-secure | policy_manager | 9.00 | cpe:2.3:a:f-secure:policy_manager:9.00:hotfix1:windows:*:*:*:*:* |
f-secure | policy_manager | 9.00 | cpe:2.3:a:f-secure:policy_manager:9.00:hotfix2:windows:*:*:*:*:* |
f-secure | policy_manager | 9.00 | cpe:2.3:a:f-secure:policy_manager:9.00:hotfix3:windows:*:*:*:*:* |
f-secure | policy_manager | 8.00 | cpe:2.3:a:f-secure:policy_manager:8.00:hotfix1:linux:*:*:*:*:* |