An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the upload image functionality via an SVG document containing JavaScript.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-03-11T18:07:20

Updated: 2024-08-04T13:00:52.171Z

Reserved: 2020-06-22T00:00:00

Link: CVE-2020-14988

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-03-11T19:15:12.717

Modified: 2024-11-21T05:04:35.063

Link: CVE-2020-14988

cve-icon Redhat

No data.