Lucene search
K

20 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-7118

Malware in sbrugna...

5.4CVSS5.6AI score0.00578EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-7117

Malware in sbrugna...

9CVSS7AI score0.03519EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-7119

Malware in sbrugna...

6.5CVSS6.6AI score0.0059EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:44 p.m.7 views

CVE-2020-14989

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended...

6.5CVSS7AI score0.0059EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:22 p.m.7 views

CVE-2020-14987

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...

9CVSS8AI score0.03519EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:51 p.m.5 views

CVE-2020-14988

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...

5.4CVSS6AI score0.00578EPSS
Exploits1
NVD
NVD
added 2021/03/11 7:15 p.m.24 views

CVE-2020-14988

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...

5.4CVSS0.00578EPSS
Exploits1References1
NVD
NVD
added 2021/03/11 7:15 p.m.24 views

CVE-2020-14989

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended...

6.5CVSS0.0059EPSS
Exploits1References1
Prion
Prion
added 2021/03/11 7:15 p.m.16 views

Cross site request forgery (csrf)

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended...

4.3CVSS6.5AI score0.0059EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/03/11 7:15 p.m.20 views

Design/Logic Flaw

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...

3.5CVSS5.2AI score0.00578EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2021/03/11 6:15 p.m.20 views

CVE-2020-14987

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...

9CVSS0.03519EPSS
Exploits1References1
Prion
Prion
added 2021/03/11 6:15 p.m.10 views

Code injection

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...

9CVSS7.4AI score0.03519EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/03/11 6:14 p.m.26 views

CVE-2020-14989

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended...

6.5AI score0.0059EPSS
Exploits1References1
CVE
CVE
added 2021/03/11 6:14 p.m.47 views

CVE-2020-14989

CVE-2020-14989 affects Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. The vulnerability is a cross-site request forgery (CSRF) flaw that occurs when an attacker tricks a user into issuing requests via GET where POST was intended. Impact details in the sources indicate potential integr...

6.5CVSS6.4AI score0.0059EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/03/11 6:7 p.m.44 views

CVE-2020-14988

Vulnerability: Bloomreach Experience Manager (brXM) 4.1.0–14.2.2. Affected component/script areas expose XSS via: loginpage (loginmessage), rich text editor (src attributes in HTML), translations menu (foldername), author page (link URL), and image upload with an SVG containing JavaScript. Root c...

5.4CVSS5.2AI score0.00578EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/03/11 6:7 p.m.24 views

CVE-2020-14988

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...

5.3AI score0.00578EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/03/11 5:50 p.m.21 views

CVE-2020-14987

An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...

7.4AI score0.03519EPSS
Exploits1References1
CVE
CVE
added 2021/03/11 5:50 p.m.40 views

CVE-2020-14987

CVE-2020-14987 affects Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. The issue arises from mishandling of the capability for administrators to write and run Groovy scripts within the updater editor, enabling remote code execution if an attacker can leverage an AST transforming annota...

9CVSS7.4AI score0.03519EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/03/11 12:0 a.m.4 views

Bloomreach Experience Manager 跨站脚本漏洞

Bloomreach Experience Manager is an application from Bloomreach USA. which provides AI-driven search and merchandising tools. A cross-site scripting vulnerability exists in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2, which stems from the loginmessage parameter allowing XSS in the log...

5.4CVSS5.3AI score0.00578EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/03/11 12:0 a.m.5 views

Bloomreach Experience Manager 安全漏洞

Bloomreach Experience Manager is an application from Bloomreach USA. which provides AI-driven search and merchandising tools. A security vulnerability exists in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2, which originates from a vulnerability that could allow a remote attacker to...

9CVSS7.5AI score0.03519EPSS
Exploits1References2
Rows per page
Query Builder