CVE-2020-5339 MEDIUM

Vendor: Dell
Product: RSA Authentication Manager
Weakness: CWE-79 (XSS)
Published: March 25, 2020
Last update: September 17, 2024

CVSS base score

4.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser.

Key dates

02 Disclosure timeline

March 25, 2020: CVE published
September 17, 2024: Record updated
