CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12903
https://notcve.org/view.php?id=CVE-2018-12903
In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard. En CyberArk Endpoint Privilege Manager (antiguamente Viewfinity) 10.2.1.603, existe Cross-Site Scripting (XSS) mediante un nombre de cuenta en la pantalla "create token", la pantalla "SelectAccounts->DisplayName" de VfManager.asmx, los grupos de un usuario en ConfigurationPage, el campo Dialog Title y App Group Name en el asistente de Application Group.. • http://code610.blogspot.com/2018/06/exploiting-cyberark-1021603.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •