Unrated severityNVD Advisory· Published Mar 11, 2021· Updated Aug 4, 2024
CVE-2020-14988
CVE-2020-14988
Description
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the upload image functionality via an SVG document containing JavaScript.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Bloomreach/Experience Managerdescription
- Range: >=4.1.0, <=14.2.2
Patches
Vulnerability mechanics
References
1- tvrbk.github.io/cve/2021/03/09/brXM.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.