A stored cross-site scripting (XSS) issues impact certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).
**** Only the following information is permitted to be distributed to users of products enabled with Code Insight:
- CVE number (if available)
- CWE ID
- CVSS scores
- Any publicly available information
The cross-site scripting (XSS) issues were assigned a CVSS v3 score of 3.4; that is low severity.
Code Insight 2020 R1 SP1 release (7.11.1-7) or later address the cross-site scripting issues with the Web UI. This version and greater is available for download on the Product and License Center. We advise Code Insight customers to update to the latest version.
For identifying this vulnerability and disclosing it to Revenera under a responsible disclosure process, we'd like to thank Goutham Madhwaraj.