A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote malicious user to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microfocus open enterprise server 2015.1 |
||
microfocus open enterprise server 2018.0 |
||
microfocus open enterprise server 2018.1 |