Unrated severityNVD Advisory· Published Jul 22, 2021· Updated Sep 16, 2024

Sage X3 Syracuse Persistent XSS in Edit User page

CVE-2020-7390

Description

Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings the "First Name," "Last Name," and "Email Address" fields of this web application component. Updates are available for on-premises versions of Version 12 (components shipped with Syracuse 12.10.0 and later) of Sage X3. Other on-premises versions of Sage X3 are unaffected or unsupported by the vendor.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

ROADCAM/X3llm-fuzzy
Range: >=12.10.0
Sage/X3v5
Range: V12

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixedmitrex_refsource_MISC
www.sagecity.com/gb/sage-x3-uk/f/sage-x3-uk-announcements-news-and-alerts/147993/sage-x3-latest-patchesmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000