CVE-2020-7390

Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings the "First Name," "Last Name," and "Email Address" fields of this web application component. Updates are available for on-premises versions of Version 12 (components shipped with Syracuse 12.10.0 and later) of Sage X3. Other on-premises versions of Sage X3 are unaffected or unsupported by the vendor.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:sage:syracuse:*:*:*:*:*:*:*:*
cpe:2.3:a:sage:x3:12.0:*:*:*:*:*:*:*

History

21 Nov 2024, 05:37

Type Values Removed Values Added
CVSS v2 : 3.5
v3 : 5.4
v2 : 3.5
v3 : 4.6
References () https://rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixed - Broken Link () https://rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixed - Broken Link
References () https://www.sagecity.com/gb/sage-x3-uk/f/sage-x3-uk-announcements-news-and-alerts/147993/sage-x3-latest-patches - Patch, Vendor Advisory () https://www.sagecity.com/gb/sage-x3-uk/f/sage-x3-uk-announcements-news-and-alerts/147993/sage-x3-latest-patches - Patch, Vendor Advisory

02 Aug 2021, 18:14

Type Values Removed Values Added
CPE cpe:2.3:a:sage:syracuse:*:*:*:*:*:*:*:*
cpe:2.3:a:sage:x3:12.0:*:*:*:*:*:*:*
References
  • (MISC) https://www.rapid7.com/blog/post/2021/07/07/cve-2020-7387-7390-multiple-sage-x3-vulnerabilities/ - Exploit, Third Party Advisory
References (MISC) https://rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixed - (MISC) https://rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixed - Broken Link
References (CONFIRM) https://www.sagecity.com/gb/sage-x3-uk/f/sage-x3-uk-announcements-news-and-alerts/147993/sage-x3-latest-patches - (CONFIRM) https://www.sagecity.com/gb/sage-x3-uk/f/sage-x3-uk-announcements-news-and-alerts/147993/sage-x3-latest-patches - Patch, Vendor Advisory
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 5.4

22 Jul 2021, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-22 19:15

Updated : 2024-11-21 05:37


NVD link : CVE-2020-7390

Mitre link : CVE-2020-7390

CVE.ORG link : CVE-2020-7390


JSON object : View

Products Affected

sage

  • x3
  • syracuse
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')