VYPR
Unrated severityNVD Advisory· Published Mar 11, 2021· Updated Aug 4, 2024

CVE-2020-14988

CVE-2020-14988

Description

An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the upload image functionality via an SVG document containing JavaScript.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.