CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
60.2%
Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Vendor | Product | Version | CPE |
---|---|---|---|
cyber-ark | password_vault_web_access | * | cpe:2.3:a:cyber-ark:password_vault_web_access:*:*:*:*:*:*:*:* |
cyber-ark | password_vault_web_access | 4.0 | cpe:2.3:a:cyber-ark:password_vault_web_access:4.0:*:*:*:*:*:*:* |
cyber-ark | password_vault_web_access | 5.5 | cpe:2.3:a:cyber-ark:password_vault_web_access:5.5:*:*:*:*:*:*:* |
cyber-ark | password_vault_web_access | 5.5 | cpe:2.3:a:cyber-ark:password_vault_web_access:5.5:patch4:*:*:*:*:*:* |
cyber-ark | password_vault_web_access | 6.0 | cpe:2.3:a:cyber-ark:password_vault_web_access:6.0:*:*:*:*:*:*:* |
cyber-ark | password_vault_web_access | 6.0 | cpe:2.3:a:cyber-ark:password_vault_web_access:6.0:patch2:*:*:*:*:*:* |