CVE-2020-9055 Information

Description

Versiant LYNX Customer Service Portal (CSP) version 3.5.2 is vulnerable to stored cross-site scripting, which could allow a local authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to website redirects, session cookie hijacking, or information disclosure.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://csp.poha.com/lynx/

https://kb.cert.org/vuls/id/962085/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.4

Base Severity

MEDIUM
