Vulnerability Details CVE-2020-9437
SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.4%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases
- https://know.bishopfox.com/advisories
- https://labs.bishopfox.com/advisories/secureauth-version-9.3
- https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases
- https://know.bishopfox.com/advisories
- https://labs.bishopfox.com/advisories/secureauth-version-9.3
Products affected by CVE-2020-9437
-
cpe:2.3:a:secureauth:secureauth_identity_provider:9.3.0