CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-3490

A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.4%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://support.microfocus.com/kb/doc.php?id=7023828
https://support.microfocus.com/kb/doc.php?id=7023828

Products affected by CVE-2019-3490

Microfocus » Open Enterprise Server » Version: 2015.1

cpe:2.3:a:microfocus:open_enterprise_server:2015.1
Microfocus » Open Enterprise Server » Version: 2018.0

cpe:2.3:a:microfocus:open_enterprise_server:2018.0
Microfocus » Open Enterprise Server » Version: 2018.1

cpe:2.3:a:microfocus:open_enterprise_server:2018.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-3490

Products

Pricing

Contact Us