cbcvebase.
CVE-2019-11651
published 2019-10-02

CVE-2019-11651: Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and…

PriorityP425medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.78%
51.5th percentile
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests.

Affected

8 ranges
VendorProductVersion rangeFixed in
microfocusenterprise_developer
microfocusenterprise_developer
microfocusenterprise_developer
microfocusenterprise_server
microfocusenterprise_server
microfocusenterprise_server
saltstacksalt>= 0 < 2019.2.42019.2.4
saltstacksalt>= 3000 < 3000.23000.2

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.