CVE-2020-14943

MEDIUM

Global RADAR BSA Radar <1.6.7234.24750 - XSS


Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-14943. PoCs published by William Summerhill.

AI-analyzed exploit summary: This is a writeup describing a stored XSS vulnerability in BSA Radar 1.6.7234.24750, where the 'Firstname' and 'Lastname' parameters in the user profile update feature are vulnerable to script injection. The payload executes on nearly every application page while logged in.

Description

The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile.

Exploits (1)

exploitdb WRITEUP
by William Summerhill · text · webapps · multiple
https://www.exploit-db.com/exploits/48619

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Global RADAR BSA Radar 1.6.7234.X
Auth required
Prerequisites: Valid user credentials · Access to the user profile update feature
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 5.4
EPSS: 0.0368
EPSS Percentile: 88.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): globalradar/bsa_radar < 1.6.7234.24750
Published: Jun 22, 2020
Tracked Since: Feb 18, 2026