Overview
Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which may allow a local, authenticated attacker to execute arbitrary JavaScript.
Description
Periscope BuySpeed is a "tool to automate the full procure-to-pay process efficiently and intelligently". BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. This JavaScript is subsequently displayed by the application without sanitization, leading to it executing in the browser of the user. This could potentially allow for website redirection, session hijacking, or information disclosure.
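The following is an added illustration of the flaw class described above, not code from BuySpeed or from this advisory: it contrasts rendering a stored field as-is with output-encoding it at display time, and adds a heuristic review of already-stored values. The record layout, field names, sample values and the `audit` heuristic are assumptions constructed for the example.

```python
import html
import re

# Constructed sample records; the field names are hypothetical, not BuySpeed's schema.
STORED_RECORDS = [
    {"id": 1, "description": "Office chairs, qty 12"},
    {"id": 2, "description": "<script>alert(1)</script>"},
    {"id": 3, "description": 'Toner" onmouseover="alert(1)'},
    {"id": 4, "description": "Cables & adapters"},
]


def render_unsafe(record):
    """The flaw class: stored text is concatenated into HTML without encoding."""
    return '<td title="%s">%s</td>' % (record["description"], record["description"])


def render_encoded(record):
    """Output-encode at display time; quote=True also protects attribute values."""
    text = html.escape(record["description"], quote=True)
    return '<td title="%s">%s</td>' % (text, text)


# Heuristic for reviewing data that is already stored:
# opening/closing tags, event-handler attributes, javascript: URLs.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-zA-Z]|\bon\w+\s*=|javascript\s*:", re.IGNORECASE)


def audit(records):
    """Return the ids of stored records whose text looks like markup or script."""
    return [r["id"] for r in records if SUSPICIOUS.search(r["description"])]


if __name__ == "__main__":
    for rec in STORED_RECORDS:
        print(rec["id"], render_encoded(rec))
    print("records to review:", audit(STORED_RECORDS))
```

Encoding at output keeps legitimate values such as `Cables & adapters` intact for the reader while neutralising markup; the audit is only a triage aid and will miss obfuscated input.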
Impact
A local, authenticated attacker could add arbitrary JavaScript within the application that would execute in the browser of any user that views it, which potentially allows for website redirection, session hijacking, or information disclosure.
Solution
This vulnerability has been corrected in BuySpeed version 15.3.
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 3.2 | AV:L/AC:L/Au:S/C:N/I:P/A:P |
Temporal | 2.9 | E:POC/RL:U/RC:C |
Environmental | 0.9 | CDP:L/TD:L/CR:ND/IR:ND/AR:ND |
References
- https://www.periscopeholdings.com/buyspeed
- https://support.buyspeed.com/hc/en-us/articles/360035773831-Buyspeed-15-3-0-Release-Notes
- https://cwe.mitre.org/data/definitions/79.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-9056
- https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)#Stored_and_Reflected_XSS_Attacks
- https://cheatsheetseries.owasp.org/cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.html
Acknowledgements
This document was written by Laurie Tyzenhaus.
Other Information
CVE IDs: CVE-2020-9056
Date Public: 2020-04-06
Date First Published: 2020-04-06
Date Last Updated: 2020-04-15 13:42 UTC
Document Revision: 50