CVE-2020-9437

EUVD-2020-30257
SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
secureauthsecureauth_identity_provider
9.3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases
https://know.bishopfox.com/advisories
https://labs.bishopfox.com/advisories/secureauth-version-9.3
https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases
https://know.bishopfox.com/advisories
https://labs.bishopfox.com/advisories/secureauth-version-9.3