An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the upload image functionality via an SVG document containing JavaScript.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://tvrbk.github.io/cve/2021/03/09/brXM.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-03-11T18:07:20
Updated: 2024-08-04T13:00:52.171Z
Reserved: 2020-06-22T00:00:00
Link: CVE-2020-14988
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-03-11T19:15:12.717
Modified: 2024-11-21T05:04:35.063
Link: CVE-2020-14988
Redhat
No data.