CVE-2017-7422
Title: Microfocus Enterprise Developer Cross-Site Scripting (XSS)
Proof Of Concept
No public PoC currently indexed for CVE-2017-7422.
Vulnerability Summary
CVE-2017-7422: Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default.
Impacted Vendors
Reference Links
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AV:N/AC:M/Au:S/C:N/I:P/A:N
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
CVE-2017-7422 Exploits & PoCs (Proof Of Concept)
No public PoCs found in our database for this CVE.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data or affected products updated.
Vulnerability first announced in NVD.
Attack Vector Matrix
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Stack
No specific products linked.