CVE Published: 30/03/2020 |
CVE Updated: 16/09/2024 |
CVE Year: 2020 Source: certcc |
Vendor: Versiant |
Product: LYNX Customer Service Portal Status : PUBLISHED
CVE-2020-9055 Description
Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to website redirects, session cookie hijacking, or information disclosure.
Metrics
CVSS Version: 3.1 |
Base Score: 3.9 LOW Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L