7 matches found
[ASA-202011-4] matrix-synapse: cross-site scripting
Arch Linux Security Advisory ASA-202011-4 ========================================= Severity: High Date : 2020-11-03 CVE-ID : CVE-2020-26891 Package : matrix-synapse Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-1252 Summary ======= The package matrix-synapse...
CVE-2020-26891
creationtimestamp| type| source ---|---|--- 2020-10-19 20:46:19+00:00| seen| https://t.me/cibsecurity/15380...
CVE-2020-26891
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...
CVE-2020-26891
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...
CVE-2020-26891
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...
CVE-2020-26891
CVE-2020-26891 affects Matrix Synapse prior to version 1.21.0. The vulnerability is an XSS flaw in AuthRestServlet caused by unsafe interpolation of the session GET parameter, which could allow an attacker to craft a malicious URL that triggers script execution on the Synapse-hosted domain via en...
FreeBSD : py-matrix-synapse -- XSS vulnerability (5f39d80f-107c-11eb-8b47-641c67a117d8)
Matrix developers reports : The fallback authentication endpoint served via Synapse were vulnerable to cross-site scripting XSS attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities,...