← back
CVE-2020-9055

Versiant Lynx Customer Service Portal version 3.5.2 is vulnerable to stored cross-site scripting, which may allow an attacker to execute arbitrary JavaScript

CVSS 3.9 LOWEPSS 0.5%CWE-79
Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to website redirects, session cookie hijacking, or information disclosure.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Affected products
Versiant · LYNX Customer Service Portal

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://csp.poha.com/lynx/https://kb.cert.org/vuls/id/962085/