admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2020/7xxx/CVE-2020-7390.json
Tod Beardsley 0c6aecb2f1
Add disclosed Sage X3 vulns
2021-07-22 10:04:40 -05:00

100 lines
3.6 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2021-07-07T13:05:00.000Z",
"ID": "CVE-2020-7390",
"STATE": "PUBLIC",
"TITLE": "Sage X3 Syracuse Persistent XSS in Edit User page"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "X3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "V12",
"version_value": "Syracuse 12.10.0"
}
]
}
}
]
},
"vendor_name": "Sage"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jonathan Peterson, Aaron Herndon, Cale Black, Ryan Villarrea, and William Vu, all of Rapid7, and Vivek Srivastav of Cobalt Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sage X3 Stored XSS Vulnerability on Edit Page of User Profile. An authenticated user can pass XSS strings the \"First Name,\" \"Last Name,\" and \"Email Address\" fields of this web application component. Updates are available for on-premises versions of Version 12 (components shipped with Syracuse 12.10.0 and later) of Sage X3. Other on-premises versions of Sage X3 are unaffected or unsupported by the vendor."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixed",
"refsource": "MISC",
"url": "https://rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixed"
},
{
"name": "https://www.sagecity.com/gb/sage-x3-uk/f/sage-x3-uk-announcements-news-and-alerts/147993/sage-x3-latest-patches",
"refsource": "CONFIRM",
"url": "https://www.sagecity.com/gb/sage-x3-uk/f/sage-x3-uk-announcements-news-and-alerts/147993/sage-x3-latest-patches"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
Reference in New Issue View Git Blame Copy Permalink