Cross-Site Scripting Vulnerability in Unisys Data Exchange Management Studio
CVE-2020-35542

5.4MEDIUM

Key Information:

Vendor: Unisys
Status: Data Exchange Management Studio
Vendor: CVE Published:; 27 April 2021

What is CVE-2020-35542?

The Unisys Data Exchange Management Studio, up to version 5.0.34, is susceptible to a cross-site scripting (XSS) attack due to insufficient input sanitization when handling HTML document fields. Malicious actors can exploit this vulnerability to inject arbitrary scripts, potentially compromising the integrity and confidentiality of user data. Proper security measures should be taken to mitigate such risks.

References

https://public.support.unisys.com/common/public/vulnerabi...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2021
Vulnerability Reserved
Dec 17, 2020

CVE-2020-35542 Data

JSON