Search criteria
3 vulnerabilities found for vibe by microfocus
FKIE_CVE-2020-9520
Vulnerability from fkie_nvd - Published: 2020-03-25 21:15 - Updated: 2024-11-21 05:40
Severity ?
Summary
A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | vibe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:vibe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E27006D6-77BB-425E-B1F9-7AD56AA7CC41",
"versionEndExcluding": "4.0.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user\u2019s browser."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad de tipo XSS almacenado en Micro Focus Vibe, afectando todas las versiones de Vibe anteriores a 4.0.7. La vulnerabilidad podr\u00eda permitir a un atacante remoto dise\u00f1ar y almacenar contenido malicioso dentro de Vibe tal que, cuando el contenido es visualizado por otro usuario del sistema, un JavaScript controlado por el atacante se ejecutara en el contexto de seguridad del navegador del usuario objetivo."
}
],
"id": "CVE-2020-9520",
"lastModified": "2024-11-21T05:40:47.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-25T21:15:14.607",
"references": [
{
"source": "security@opentext.com",
"url": "http://seclists.org/fulldisclosure/2020/Mar/50"
},
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2020/Mar/50"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630475"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-9520 (GCVE-0-2020-9520)
Vulnerability from cvelistv5 – Published: 2020-03-25 20:59 – Updated: 2024-08-04 10:34
VLAI?
Summary
A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser.
Severity ?
No CVSS data available.
CWE
- Stored XSS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus International | Micro Focus Vibe. |
Affected:
All Vibe version prior to Vive 4.0.7.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:39.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630475"
},
{
"name": "20200327 [SYSS-2019-047] Micro Focus Vibe - Cross-Site Scripting (CVE-2020-9520)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/50"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Vibe.",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "All Vibe version prior to Vive 4.0.7."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user\u2019s browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:34",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630475"
},
{
"name": "20200327 [SYSS-2019-047] Micro Focus Vibe - Cross-Site Scripting (CVE-2020-9520)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/50"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus Vibe.",
"version": {
"version_data": [
{
"version_value": "All Vibe version prior to Vive 4.0.7."
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user\u2019s browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03630475",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630475"
},
{
"name": "20200327 [SYSS-2019-047] Micro Focus Vibe - Cross-Site Scripting (CVE-2020-9520)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Mar/50"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9520",
"datePublished": "2020-03-25T20:59:48",
"dateReserved": "2020-03-01T00:00:00",
"dateUpdated": "2024-08-04T10:34:39.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9520 (GCVE-0-2020-9520)
Vulnerability from nvd – Published: 2020-03-25 20:59 – Updated: 2024-08-04 10:34
VLAI?
Summary
A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser.
Severity ?
No CVSS data available.
CWE
- Stored XSS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus International | Micro Focus Vibe. |
Affected:
All Vibe version prior to Vive 4.0.7.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:39.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630475"
},
{
"name": "20200327 [SYSS-2019-047] Micro Focus Vibe - Cross-Site Scripting (CVE-2020-9520)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/50"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Vibe.",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "All Vibe version prior to Vive 4.0.7."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user\u2019s browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:34",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630475"
},
{
"name": "20200327 [SYSS-2019-047] Micro Focus Vibe - Cross-Site Scripting (CVE-2020-9520)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/50"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus Vibe.",
"version": {
"version_data": [
{
"version_value": "All Vibe version prior to Vive 4.0.7."
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user\u2019s browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03630475",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630475"
},
{
"name": "20200327 [SYSS-2019-047] Micro Focus Vibe - Cross-Site Scripting (CVE-2020-9520)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Mar/50"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9520",
"datePublished": "2020-03-25T20:59:48",
"dateReserved": "2020-03-01T00:00:00",
"dateUpdated": "2024-08-04T10:34:39.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}