Lucene search
K

7 matches found

ArchLinux
ArchLinux
added 2020/11/03 12:0 a.m.19 views

[ASA-202011-4] matrix-synapse: cross-site scripting

Arch Linux Security Advisory ASA-202011-4 ========================================= Severity: High Date : 2020-11-03 CVE-ID : CVE-2020-26891 Package : matrix-synapse Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-1252 Summary ======= The package matrix-synapse...

6.1CVSS3AI score0.01908EPSS
Exploits0References4
Circl
Circl
added 2020/10/19 8:46 p.m.5 views

CVE-2020-26891

creationtimestamp| type| source ---|---|--- 2020-10-19 20:46:19+00:00| seen| https://t.me/cibsecurity/15380...

6.1CVSS6.9AI score0.01908EPSS
Exploits0References1
OSV
OSV
added 2020/10/19 5:15 p.m.23 views

CVE-2020-26891

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...

6.1CVSS6.1AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2020/10/19 5:15 p.m.21 views

CVE-2020-26891

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...

6.1CVSS7AI score0.01908EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/10/19 4:47 p.m.30 views

CVE-2020-26891

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...

6.1AI score0.01908EPSS
Exploits0References4
CVE
CVE
added 2020/10/19 4:47 p.m.124 views

CVE-2020-26891

CVE-2020-26891 affects Matrix Synapse prior to version 1.21.0. The vulnerability is an XSS flaw in AuthRestServlet caused by unsafe interpolation of the session GET parameter, which could allow an attacker to craft a malicious URL that triggers script execution on the Synapse-hosted domain via en...

6.1CVSS5.9AI score0.01908EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/10/19 12:0 a.m.19 views

FreeBSD : py-matrix-synapse -- XSS vulnerability (5f39d80f-107c-11eb-8b47-641c67a117d8)

Matrix developers reports : The fallback authentication endpoint served via Synapse were vulnerable to cross-site scripting XSS attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities,...

6.1CVSS6.6AI score0.01908EPSS
Exploits0References5
Rows per page
Query Builder