CVE-2017-7422 is a vulnerability in Micro Focus Enterprise Developer
Published on August 21, 2017
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2017-7422 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2017-7422
Want to know whenever a new CVE is published for Micro Focus Enterprise Developer? stack.watch will email you.
Affected Versions
Micro Focus Enterprise Developer, Micro Focus Enterprise Server Version 2.3 before 2.3 Update 1, 2.3 Update 1 before Hotfix 8, 2.3 Update 2 before Hotfix 9 is affected by CVE-2017-7422Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.