Summary

A stored cross-site scripting (XSS) issues impact certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64). 

Symptoms

**** Only the following information is permitted to be distributed to users of products enabled with Code Insight:

- CVE number (if available)

- CWE ID

- CVSS scores

- Any publicly available information

****

The cross-site scripting (XSS) issues were assigned a CVSS v3 score of 3.4; that is low severity.

Resolution

Code Insight 2020 R1 SP1 release (7.11.1-7) or later address the cross-site scripting issues with the Web UI. This version and greater is available for download on the Product and License Center. We advise Code Insight customers to update to the latest version. 

Additional Information

For identifying this vulnerability and disclosing it to Revenera under a responsible disclosure process, we'd like to thank Goutham Madhwaraj. 

Related Documents

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12082