CVE-2020-11850— Cross site scripting vulnerability in Self Service Password Reset
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-11850
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross site scripting vulnerability in Self Service Password Reset
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Micro Focus Self Service Password Reset 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Micro Focus Self Service Password Reset是英国Micro Focus公司的一套基于Web的密码管理解决方案。该产品支持用户使用自助服务更改密码。 Micro Focus Self Service Password Reset 4.5.0.2和4.4.0.6之前版本存在安全漏洞,该漏洞源于输入验证不当,导致跨站脚本攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| OpenText | Self Service Password Reset | 4.5.0.2 ~ < | - |
II. Public POCs for CVE-2020-11850
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-11850
请登录查看更多情报信息。
Same Patch Batch · OpenText · 2024-08-21 · 5 CVEs total
| CVE-2020-11846 | 8.7 HIGH | Improper handling of token allows access to restricted resource in Privileged Access Manag |
| CVE-2020-11847 | 8.2 HIGH | Vulnerability in sshrelay in privileged access manager provides full system access. |
| CVE-2022-26328 | User enumeration vulnerability has been discovered in OpenText™ Performance Center | |
| CVE-2022-26327 | Stored cross-site scripting (XSS) has been discovered in OpenText™ Performance Center |
IV. Related Vulnerabilities
Same vendor: OpenText
- CVE-2026-2123
Privilege escalation vulnerability in Operations Agent - CVE-2024-11604
Insertion of Sensitive Information into Log File - CVE-2025-13478
Cache Misconfiguration Leading to Cross-User Data Exposure - CVE-2025-8050
External Control of File vulnerability has been discovered i - CVE-2025-8052
HQL Injection vulnerability has been discovered in Opentext
Same weakness: CWE-20
V. Comments for CVE-2020-11850
No comments yet