CVE-2021-28247 is a vulnerability in CA Technologies Ehealth Performance Manager

CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the platform users. The affected endpoints are: cgi/nhWeb with the parameter report, aviewbin/filtermibobjects.pl with the parameter namefilter, and aviewbin/query.pl with the parameters System, SystemText, Group, and GroupText. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Products Associated with CVE-2021-28247

Want to know whenever a new CVE is published for CA Technologies Ehealth Performance Manager? stack.watch will email you.

Exploit Probability

EPSS

0.15%

Percentile

35.93%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-28247 is a vulnerability in CA Technologies Ehealth Performance ManagerPublished on March 26, 2021

Products Associated with CVE-2021-28247

Exploit Probability

CVE-2021-28247 is a vulnerability in CA Technologies Ehealth Performance Manager
Published on March 26, 2021