CVE-2020-9055

Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to website redirects, session cookie hijacking, or information disclosure.
References
Link Resource
https://csp.poha.com/lynx/ Permissions Required
https://kb.cert.org/vuls/id/962085/ Third Party Advisory US Government Resource
https://csp.poha.com/lynx/ Permissions Required
https://kb.cert.org/vuls/id/962085/ Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:versiant:lynx_customer_service_portal:3.5.2:*:*:*:*:*:*:*

History

21 Nov 2024, 05:39

Type Values Removed Values Added
References () https://csp.poha.com/lynx/ - Permissions Required () https://csp.poha.com/lynx/ - Permissions Required
References () https://kb.cert.org/vuls/id/962085/ - Third Party Advisory, US Government Resource () https://kb.cert.org/vuls/id/962085/ - Third Party Advisory, US Government Resource
CVSS v2 : 3.5
v3 : 5.4
v2 : 3.5
v3 : 3.9

Information

Published : 2020-03-30 22:15

Updated : 2024-11-21 05:39


NVD link : CVE-2020-9055

Mitre link : CVE-2020-9055

CVE.ORG link : CVE-2020-9055


JSON object : View

Products Affected

versiant

  • lynx_customer_service_portal
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')