Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OSV
OSVadded 2020/04/10 7:15 p.m.1 views

CVE-2020-9056

Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. This JavaScript is subsequently displayed by the application without sanitization and is executed in the browser of...

5.4CVSS6AI score
Exploits0References2
NVD
NVDadded 2020/04/10 7:15 p.m.11 views

CVE-2020-9056

Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. This JavaScript is subsequently displayed by the application without sanitization and is executed in the browser of...

5.4CVSS4.5AI score0.00303EPSS
Exploits0References2
Prion
Prionadded 2020/04/10 7:15 p.m.8 views

Information disclosure

Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. This JavaScript is subsequently displayed by the application without sanitization and is executed in the browser of...

3.5CVSS5.2AI score0.00303EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2020/04/10 6:35 p.m.11 views

CVE-2020-9056 Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting

Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. This JavaScript is subsequently displayed by the application without sanitization and is executed in the browser of...

3.9CVSS5.2AI score0.00303EPSS
Exploits0References2
CVE
CVEadded 2020/04/10 6:35 p.m.141 views

CVE-2020-9056

Periscope BuySpeed 14.5 is vulnerable to stored cross-site scripting (XSS) due to unsanitized client-side data. A local, authenticated attacker can store arbitrary JavaScript within BuySpeed, which is then executed in the browser of other users, potentially enabling website redirection, session h...

5.4CVSS4.7AI score0.00303EPSS
Exploits0References2Affected Software1
CNVD
CNVDadded 2020/04/07 12:0 a.m.2 views

Periscope Holdings BuySpeed Cross-Site Scripting Vulnerability

Periscope Holdings BuySpeed is a procurement process management system from Periscope Holdings, USA. The system includes vendor management, purchasing management, order management and contract management functions. A cross-site scripting vulnerability exists in Periscope Holdings BuySpeed version...

5.4CVSS6.3AI score0.00303EPSS
Exploits0References1
CERT
CERTadded 2020/04/06 12:0 a.m.28 views

Periscope BuySpeed is vulnerable to stored cross-site scripting

Overview Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which may allow a local, authenticated attacker to execute arbitrary JavaScript. Description Periscope BuySpeed is a "tool to automate the full procure-to-pay process efficiently and intelligently". BuySpeed...

5.4CVSS5.1AI score0.00303EPSS
Exploits0References6
Rows per page
Query Builder