CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11648
https://notcve.org/view.php?id=CVE-2019-11648
An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information. Existe un filtrado de información en todas las versiones anteriores a la versión 4.4 de Self Service Password Reset Software de Micro Focus NetIQ. La vulnerabilidad podría ser explotada para exponer información sensible. • https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-1599
https://notcve.org/view.php?id=CVE-2016-1599
Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en NetIQ Self Service Password Reset (SSPR) 2.x y 3.x en versiones anteriores a 3.3.1 HF2 permite a atacantes remotos inyectar texto web arbitrario o HTML a través de una URL manipulada. • http://www.securityfocus.com/bid/96837 https://bugzilla.netiq.com/show_bug.cgi?id=967461 https://www.netiq.com/support/kb/doc.php?id=7017399 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •