CERTVU:660597Periscope BuySpeed is vulnerable to stored cross-site scripting
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L
0.001 Low
EPSS
Percentile
23.5%
Overview
Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which may allow a local, authenticated attacker to execute arbitrary JavaScript.
Description
Periscope BuySpeed is a βtool to automate the full procure-to-pay process efficiently and intelligentlyβ. BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. This JavaScript is subsequently displayed by the application without sanitization, leading to it executing in the browser of the user. This could potentially allow for website redirection, session hijacking, or information disclosure.
Impact
A local, authenticated attacker could add arbitrary JavaScript within the application that would execute in the browser of any user that views it, which potentially allows for website redirection, session hijacking, or information disclosure.
Solution
This vulnerability has been corrected in BuySpeed version 15.3.
Vendor Information
660597
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Periscope Holdings __ Affected
Notified: June 26, 2019 Updated: April 10, 2020
Statement Date: November 01, 2019
Status
Affected
Vendor Statement
Periscope Holdings, Inc. takes cybersecurity very seriously, including the report of this vulnerability by Carnegie Mellonβs CERT Coordination Center. Our team was aware of this vulnerability prior to CERTβs notification on April 6, 2020 and had already developed remediation and made this available to customers in BuySpeed version 15.3.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 3.2 | AV:L/AC:L/Au:S/C:N/I:P/A:P |
| Temporal | 2.9 | E:POC/RL:U/RC:C |
| Environmental | 0.9 | CDP:L/TD:L/CR:ND/IR:ND/AR:ND |
References
- <https://www.periscopeholdings.com/buyspeed>
- <https://support.buyspeed.com/hc/en-us/articles/360035773831-Buyspeed-15-3-0-Release-Notes>
- <https://cwe.mitre.org/data/definitions/79.html>
- <https://nvd.nist.gov/vuln/detail/CVE-2020-9056>
- <https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)#Stored_and_Reflected_XSS_Attacks>
- <https://cheatsheetseries.owasp.org/cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.html>
Acknowledgements
This document was written by Laurie Tyzenhaus.
Other Information
| CVE IDs: | CVE-2020-9056 |
|---|---|
| Date Public: | 2020-04-06 Date First Published: |
References
cheatsheetseries.owasp.org/cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.html
cwe.mitre.org/data/definitions/79.html
nvd.nist.gov/vuln/detail/CVE-2020-9056
support.buyspeed.com/hc/en-us/articles/360035773831-Buyspeed-15-3-0-Release-Notes
www.owasp.org/index.php/Cross-site_Scripting_(XSS)#Stored_and_Reflected_XSS_Attacks
www.periscopeholdings.com/buyspeed
Related
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L
0.001 Low
EPSS
Percentile
23.5%