CVE-2020-14987
An issue was discovered in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...
CVE-2020-14989
CVE-2020-14989 affects Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. The vulnerability is a cross-site request forgery (CSRF) flaw that occurs when an attacker tricks a user into issuing requests via GET where POST was intended. Impact details in the sources indicate potential integr...
CVE-2020-14988
Vulnerability: Bloomreach Experience Manager (brXM) 4.1.0–14.2.2. Affected component/script areas expose XSS via: loginpage (loginmessage), rich text editor (src attributes in HTML), translations menu (foldername), author page (link URL), and image upload with an SVG containing JavaScript. Root c...
CVE-2020-14987
CVE-2020-14987 affects Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. The issue arises from mishandling of the capability for administrators to write and run Groovy scripts within the updater editor, enabling remote code execution if an attacker can leverage an AST transforming annota...