CVE-2020-7390 Information

Jun 07, 2022 cve

Description

Sage X3 Stored XSS Vulnerability on â€˜Editâ€™ Page of User Profile. An authenticated user can pass XSS strings the \First Name\ \Last Name\ and \Email Address\ fields of this web application component. Updates are available for on-premises versions of Version 12 (components shipped with Syracuse 12.10.0 and later) of Sage X3. Other on-premises versions of Sage X3 are unaffected or unsupported by the vendor.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixed https://www.sagecity.com/gb/sage-x3-uk/f/sage-x3-uk-announcements-news-and-alerts/147993/sage-x3-latest-patches https://www.rapid7.com/blog/post/2021/07/07/cve-2020-7387-7390-multiple-sage-x3-vulnerabilities/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4

Share on: