CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the platform users. The affected endpoints are: cgi/nhWeb with the parameter report, aviewbin/filtermibobjects.pl with the parameter namefilter, and aviewbin/query.pl with the parameters System, SystemText, Group, and GroupText. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Max CVSS: 5.4; EPSS Score: 0.07%; Published: 2021-03-26; Updated: 2024-03-21
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.
Max CVSS: 6.1; EPSS Score: 0.10%; Published: 2018-08-30; Updated: 2021-04-12
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.
Max CVSS: 6.1; EPSS Score: 0.10%; Published: 2018-06-18; Updated: 2018-08-10
CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer.
Max CVSS: 6.1; EPSS Score: 0.08%; Published: 2018-03-29; Updated: 2023-01-27
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable.
Max CVSS: 6.1; EPSS Score: 0.08%; Published: 2018-03-29; Updated: 2023-01-27
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing.
Max CVSS: 6.1; EPSS Score: 0.08%; Published: 2018-03-29; Updated: 2023-01-27
A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user.
Max CVSS: 5.4; EPSS Score: 0.07%; Published: 2017-11-14; Updated: 2019-10-09
Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter.
Max CVSS: 6.1; EPSS Score: 0.18%; Published: 2017-03-07; Updated: 2017-03-08
Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.
Max CVSS: 4.3; EPSS Score: 0.25%; Published: 2013-10-29; Updated: 2021-04-12
Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter.
Max CVSS: 4.3; EPSS Score: 0.20%; Published: 2011-12-08; Updated: 2012-03-05
Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Max CVSS: 4.3; EPSS Score: 0.27%; Published: 2011-05-16; Updated: 2018-10-09
Multiple cross-site scripting (XSS) vulnerabilities in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS: 4.3; EPSS Score: 0.29%; Published: 2011-05-05; Updated: 2018-10-09
Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request.
Max CVSS: 2.6; EPSS Score: 0.55%; Published: 2010-02-24; Updated: 2018-10-10
Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
Max CVSS: 4.3; EPSS Score: 0.11%; Published: 2009-12-09; Updated: 2009-12-10
Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms."
Max CVSS: 4.3; EPSS Score: 0.35%; Published: 2008-09-27; Updated: 2021-04-09
15 vulnerabilities found