4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
57.8%
Password Vault Web Access (PVWA) is a module in the Privileged Identity Management Suite that allows access via a web portal. PVWA contains a cross-site scripting vulnerability.
An arbitrary script may be executed on the web browser of an user who is logged on.
Apply a patch
Apply the appropriate patch according to the information provided by the developer.
PVWA v6.0 releases v6.0 patch #2 and earlier
PVWA v5.5 releases v5.5 patch #4 and earlier
PVWA v5.0 and earlier