Description
A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack.
References (1)
Core 1
Core References
Various Sources x_refsource_confirm
https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html
Scores
CVSS v3
6.1
EPSS
0.0024
EPSS Percentile
47.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
microfocus/netiq_self_service_password_reset
< 4.4
Published
Jun 24, 2019
Tracked Since
Feb 18, 2026