Vulnerability Details CVE-2020-14988
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the upload image functionality via an SVG document containing JavaScript.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.3%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2020-14988
-
cpe:2.3:a:bloomreach:experience_manager:14.1.0
-
cpe:2.3:a:bloomreach:experience_manager:14.1.1
-
cpe:2.3:a:bloomreach:experience_manager:14.2.1
-
cpe:2.3:a:bloomreach:experience_manager:14.2.2