CVE-2022-38758 HIGH

CVE-2022-38758: XSS vulnerabilities in iManager

Vendor Micro Focus

Product NetIQ iManager

Weakness CWE-79 · XSS

Published January 25, 2023

Last update March 27, 2025

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Adjacent

Attack complexity High

Privileges required High

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L

What the vulnerability does

01Description

Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.

Key dates

02Disclosure timeline

January 25, 2023 CVE published

March 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-38758 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-2973 SourceCodester Students Online Internship Timesheet Syste cross site scripting CVE-2025-49908 WordPress WPC Countdown Timer for WooCommerce plugin <= 3.1.4 - Cross Site Scripting (XSS) vulnerability CVE-2021-47695 Nagios XI < 5.8.0 XSS via My Tools Page CVE-2026-4067 Ad Short <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'client' Shortcode Attribute CVE-2024-1326 Jeg Elementor Kit <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags

Identifiers

CVE CVE-2022-38758

CWE CWE-79

CVSS 7.2 / HIGH

Affected versions

Vendor Micro Focus

Product NetIQ iManager

Affected ≥ NetIQ iManager and < 3.2.6