CVE-2020-9055 LOW

CVE-2020-9055: Versiant Lynx Customer Service Portal version 3.5.2 is vulnerable to stored cross-site scripting, which may allow an attacker to execute arbitrary JavaScript

Vendor Versiant

Product LYNX Customer Service Portal

Weakness CWE-79 · XSS

Published March 30, 2020

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

3.9/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

What the vulnerability does

Description

Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to website redirects, session cookie hijacking, or information disclosure.

Key dates

Disclosure timeline

March 30, 2020 CVE published

September 16, 2024 Record updated