PT-2020-20463 · Versant · Versiant Lynx Customer Service Portal

Laurie Tyzenhaus

Published

2020-03-30

Updated

2020-04-01

CVE-2020-9055

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Versiant LYNX Customer Service Portal (CSP) version 3.5.2

Description The issue allows a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user, potentially leading to website redirects, session cookie hijacking, or information disclosure.

Recommendations For version 3.5.2, update to a version that includes a fix for the stored cross-site scripting issue to prevent malicious JavaScript from being inserted and displayed to the end user. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-9055

Affected Products

Versiant Lynx Customer Service Portal

PT-2020-20463 · Versant · Versiant Lynx Customer Service Portal

CVE-2020-9055

Weakness Enumeration

Related Identifiers

Affected Products

References · 5