CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-3490
https://notcve.org/view.php?id=CVE-2019-3490
A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support. Se identificó una vulnerabilidad de tipo XSS basada en DOM en el componente Netstorage de Open Enterprise Server (OES) que permite a un atacante remoto ejecutar javascript en el navegador de víctimas engañando al usuario para que haga clic en un enlace especialmente creado. Esto afecta a las versiones de OES OES2015SP1, OES2018 y OES2018SP1. • https://support.microfocus.com/kb/doc.php?id=7023828 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •