exploitDog

CVE-2020-9437

Опубликовано: 25 июн. 2020

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS.

Ссылки

https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases
Vendor Advisory
https://know.bishopfox.com/advisories
Third Party Advisory
https://labs.bishopfox.com/advisories/secureauth-version-9.3
Third Party Advisory
https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases
Vendor Advisory
https://know.bishopfox.com/advisories
Third Party Advisory
https://labs.bishopfox.com/advisories/secureauth-version-9.3
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:secureauth:secureauth_identity_provider:9.3.0:-:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00632

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-wwp3-x39x-p8v3

CVSS3: 4.8

github

больше 3 лет назад

SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS.

EPSS

Процентиль: 70%

0.00632

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79