Solutions Business Manager
CVE-2018-7681
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.
AnalysisAI
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system. Affected products include: Microfocus Solutions Business Manager. Version information: prior to 11.4.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Solutions Business Manager
View allMicro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log f
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domain
Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect. Rated medium severity (C
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values. Rated medium severity
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today