{"containers": {"cna": {"affected": [{"product": "Service Manager.", "vendor": "n/a", "versions": [{"status": "affected", "version": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63."}]}], "descriptions": [{"lang": "en", "value": "Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML."}], "problemTypes": [{"descriptions": [{"description": "Cross Site Scripting.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:39", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://softwaresupport.softwaregrp.com/doc/KM03640285"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2020-11845", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Service Manager.", "version": {"version_data": [{"version_value": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63."}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross Site Scripting."}]}]}, "references": {"reference_data": [{"name": "https://softwaresupport.softwaregrp.com/doc/KM03640285", "refsource": "MISC", "url": "https://softwaresupport.softwaregrp.com/doc/KM03640285"}]}}}}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2020-11845", "datePublished": "2020-05-19T14:05:21", "dateReserved": "2020-04-16T00:00:00", "dateUpdated": "2021-01-06T16:15:39", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:service_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F2372DD-AABE-43DF-8873-59CECFEA88CF", "versionEndIncluding": "9.63", "versionStartIncluding": "9.50", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML."}, {"lang": "es", "value": "Vulnerabilidad de tipo Cross Site Scripting en el producto Micro Focus Service Manager. Afectando las versiones 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. La vulnerabilidad podr\u00eda ser explotada para permitir a atacantes remotos inyectar script web o HTML arbitrario."}], "id": "CVE-2020-11845", "lastModified": "2023-11-07T03:15:10.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-19T15:15:11.340", "references": [{"source": "security@opentext.com", "url": "https://softwaresupport.softwaregrp.com/doc/KM03640285"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}