Lucene search
K

265 matches found

OSV
OSV
added 2020/10/28 7:15 p.m.2 views

CVE-2020-27739

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

9.8CVSS7.3AI score0.01814EPSS
Exploits1References2
NVD
NVD
added 2020/10/28 7:15 p.m.22 views

CVE-2020-27741

Multiple cross-site scripting XSS vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

6.1CVSS6.2AI score0.00831EPSS
Exploits1References2
NVD
NVD
added 2020/10/28 7:15 p.m.29 views

CVE-2020-27739

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

9.8CVSS9.6AI score0.01814EPSS
Exploits1References2
OSV
OSV
added 2020/10/28 7:15 p.m.4 views

CVE-2020-27741

Multiple cross-site scripting XSS vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

6.1CVSS6.4AI score0.00831EPSS
Exploits1References2
NVD
NVD
added 2020/10/28 7:15 p.m.16 views

CVE-2020-27740

Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

5.3CVSS5.4AI score0.01277EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2020/10/28 7:15 p.m.32 views

CVE-2020-27741

Multiple cross-site scripting XSS vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

6.1CVSS6.4AI score0.00831EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2020/10/28 7:15 p.m.37 views

CVE-2020-27742

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msgconfirmmove template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...

6.5CVSS6.7AI score0.01136EPSS
Exploits1References3
Prion
Prion
added 2020/10/28 7:15 p.m.16 views

Session fixation

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

7.5CVSS9.5AI score0.01814EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2020/10/28 7:15 p.m.13 views

Security feature bypass

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msgconfirmmove template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...

4CVSS6.3AI score0.01136EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2020/10/28 7:15 p.m.29 views

CVE-2020-27739

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

9.8CVSS7.2AI score0.01814EPSS
Exploits1References3
OSV
OSV
added 2020/10/28 7:15 p.m.5 views

UBUNTU-CVE-2020-27741

Multiple cross-site scripting XSS vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

6.1CVSS6.5AI score0.00831EPSS
Exploits1References4
OSV
OSV
added 2020/10/28 7:15 p.m.3 views

UBUNTU-CVE-2020-27742

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msgconfirmmove template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...

6.5CVSS6.6AI score0.01136EPSS
Exploits1References4
OSV
OSV
added 2020/10/28 7:15 p.m.4 views

UBUNTU-CVE-2020-27740

Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

5.3CVSS5.8AI score0.01277EPSS
Exploits1References4
OSV
OSV
added 2020/10/28 7:15 p.m.3 views

UBUNTU-CVE-2020-27739

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

9.8CVSS5.8AI score0.01814EPSS
Exploits1References4
Cvelist
Cvelist
added 2020/10/28 6:44 p.m.26 views

CVE-2020-27739

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...

9.6AI score0.01814EPSS
Exploits1References2
CVE
CVE
added 2020/10/28 6:44 p.m.59 views

CVE-2020-27739

CVE-2020-27739 describes a weak session‑management vulnerability in Citadel WebCit up to version 926, where unauthenticated remote attackers can hijack a recently logged‑in user’s session. The description clearly states the affected component is WebCit (the Citadel Servlet engine) and the impact ...

9.8CVSS9.4AI score0.01814EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2020/10/28 6:44 p.m.19 views

CVE-2020-27739

Removed by vendor...

9.8CVSS9.4AI score0.01814EPSS
Exploits1
CVE
CVE
added 2020/10/28 6:44 p.m.45 views

CVE-2020-27742

CVE-2020-27742 affects Citadel WebCit (through version 926) and is an Insecure Direct Object Reference vulnerability that lets an authenticated remote attacker read someone else’s emails via the msg_confirm_move template. The vulnerability is documented across multiple sources (NVD entry and Red ...

6.5CVSS6.3AI score0.01136EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/10/28 6:44 p.m.19 views

CVE-2020-27742

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msgconfirmmove template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...

6.4AI score0.01136EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2020/10/28 6:44 p.m.12 views

CVE-2020-27742

Removed by vendor...

6.5CVSS6.5AI score0.01136EPSS
Exploits1
Rows per page
Query Builder