XSS in Sage X3
CVE-2020-7390
Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings to the "First Name," "Last Name," and "Email Address" fields of this web application component. Updates are available for on-premises…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (56.0th percentile)
CVSS v3 metric
CVSS v3 base score 4.6 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N.
Affected products
- Sage X3 — versions V12
Weakness classification (CWE)
References
- rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixed (x_refsource_MISC)
- www.sagecity.com/gb/sage-x3-uk/f/sage-x3-uk-announcements-news-and-alerts/14799… (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2020-7390?
  - CVE-2020-7390 is a medium-severity vulnerability in Sage X3, classified under Cross-site Scripting. CVSS score: 4.6/10. Published 2021-07-22.
- How severe is CVE-2020-7390?
  - Medium severity. CVSS v3 base score is 4.6 out of 10.