CVE-2020-9056 Information

Description

Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting which could allow a local authenticated attacker to store arbitrary JavaScript within the application. This JavaScript is subsequently displayed by the application without sanitization and is executed in the browser of the user which could possibly cause website redirection session hijacking or information disclosure. This vulnerability has been patched in BuySpeed version 15.3.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L

Reference

https://kb.cert.org/vuls/id/660597/ https://support.buyspeed.com/hc/en-us/articles/360035773831-Buyspeed-15-3-0-Release-Notes

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

LOW

Base Severity

5.4