7.3
CVE-2020-11850
- EPSS 0.13%
- Published 21.08.2024 13:15:04
- Last modified 23.08.2024 17:02:39
- Source security@opentext.com
- Teams watchlist Login
- Open Login
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6
Data is provided by the National Vulnerability Database (NVD)
Microfocus ≫ Netiq Self Service Password Reset Version < 4.4
Microfocus ≫ Netiq Self Service Password Reset Version4.4 Update-
Microfocus ≫ Netiq Self Service Password Reset Version4.4 Updateupdate_1
Microfocus ≫ Netiq Self Service Password Reset Version4.4 Updateupdate_2
Microfocus ≫ Netiq Self Service Password Reset Version4.4 Updateupdate_3
Microfocus ≫ Netiq Self Service Password Reset Version4.4 Updateupdate_4
Microfocus ≫ Netiq Self Service Password Reset Version4.4 Updateupdate_5
Microfocus ≫ Netiq Self Service Password Reset Version4.5 Update-
Microfocus ≫ Netiq Self Service Password Reset Version4.5 Updateupdate_1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.337 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| security@opentext.com | 7.3 | 1 | 5.8 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.