Lenovo: >> Xclarity Administrator >> 2.6.0 Security Vulnerabilities
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure.
CVSS Score
5.7
EPSS Score
0.003
Published
2020-02-14
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The JavaScript code is executed on the user's system, not executed on LXCA itself.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-02-14
Page 2