2 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). Se ha identificado potencial para Cross-Site Request Forgery (CSRF) remoto en UCMBD Server, en sus versiones DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 y CMS Server versión 2018.05 BACKGROUND, que podría permitir la deserialización remota no segura y Cross-Site Request Forgery (CSRF). • http://www.securitytracker.com/id/1041140 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03180069 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-502: Deserialization of Untrusted Data •

CVSS: 6.3EPSS: 0%CPEs: 20EXPL: 0

Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). Cross-Site Scripting (XSS) en Micro Focus Universal CMDB, versiones 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33 y 11.0; CMS, versiones 4.10, 4.11, 4.12, 4.13, 4.14 y 4.15.1 y Micro Focus UCMDB Browser, versiones 4.10, 4.11, 4.12, 4.13, 4.14 y 4.15.1. La vulnerabilidad se podría explotar de forma remota para permitir que se produzca Cross-Site Scripting (XSS). • http://www.securitytracker.com/id/1040970 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03164778 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •