Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Bloomreach Security Vulnerabilities

cve
cve

CVE-2020-14989

An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was...

6.5CVSS

6.4AI Score

0.001EPSS

2021-03-11 07:15 PM
20
4
cve
cve

CVE-2020-14988

An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the....

5.4CVSS

5.2AI Score

0.001EPSS

2021-03-11 07:15 PM
24
cve
cve

CVE-2020-14987

An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST...

7.2CVSS

7.4AI Score

0.003EPSS

2021-03-11 06:15 PM
18