CVE-2019-3490

2019-05-0216:46:37

microfocus

www.cve.org

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON

A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support.

CNA Affected

[
  {
    "product": "Netstorage component of Open Enterprise Server",
    "vendor": "OES",
    "versions": [
      {
        "status": "affected",
        "version": "OES2015SP1"
      },
      {
        "status": "affected",
        "version": "OES2018"
      },
      {
        "status": "affected",
        "version": "and OES2018SP1"
      }
    ]
  }
]

References

support.microfocus.com/kb/doc.php?id=7023828