Cross-Site Scripting (XSS) Vulnerability in OpenText Self Service Password Reset
CVE-2020-11850

6.1 MEDIUM

Key Information:

Vendor: OpenText

CVE Published: 21 August 2024

What is CVE-2020-11850?

OpenText Self Service Password Reset contains a Cross-Site Scripting (XSS) vulnerability caused by improper input validation. An attacker can use it to inject malicious scripts into web pages viewed by users. Exploitation may lead to unauthorized access, data theft, or session hijacking. Versions prior to 4.5.0.2 and 4.4.0.6 are affected and should be updated promptly.

Affected Version(s)

Self Service Password Reset Linux 4.5.0.2

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
