CVE-2020-7390 MEDIUM

CVE-2020-7390: Sage X3 Syracuse Persistent XSS in Edit User page

Vendor: Sage
Product: X3
Weakness: CWE-79 · XSS
Published: July 22, 2021
Last update: September 16, 2024

CVSS base score

4.6/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings to the "First Name," "Last Name," and "Email Address" fields of this web application component. Updates are available for on-premises versions of Version 12 (components shipped with Syracuse 12.10.0 and later) of Sage X3. Other on-premises versions of Sage X3 are unaffected or unsupported by the vendor.

Key dates

02 Disclosure timeline

July 22, 2021: CVE published
September 16, 2024: Record updated

Related vulnerabilities

04 Related CVE