PT-2020-20464 · Periscope · Periscope Buyspeed

Published

2020-04-10

Updated

2020-04-13

CVE-2020-9056

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions Periscope BuySpeed versions 14.5 through 15.2

Description The issue allows a local, authenticated attacker to store arbitrary JavaScript within the application, which is then executed in the user's browser without sanitization. This could lead to website redirection, session hijacking, or information disclosure.

Recommendations For Periscope BuySpeed versions 14.5 through 15.2, update to version 15.3 to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-9056

Affected Products

Periscope Buyspeed

PT-2020-20464 · Periscope · Periscope Buyspeed

CVE-2020-9056

Weakness Enumeration

Related Identifiers

Affected Products

References · 5