EUVD-2020-18086
Malware in sbrugna...
EUVD-2020-18085
Malware in sbrugna...
CVE-2020-25399
Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat...
CVE-2020-25398
CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality...
Cross site scripting
Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat...
Design/Logic Flaw
CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality...
CVE-2020-25398
CVE-2020-25398 affects InterMind iMind Server up to version 3.13.65, via the csv export function. The root cause is CSV Injection in exported CSV data. CVSS-3.1 vector indicates Network attack, high impact to confidentiality, integrity, and availability (base 8.8). Practical exploitation details ...
CVE-2020-25399
CVE-2020-25399 affects InterMind iMind Server up to version 3.13.65. The issue is a Stored XSS in the chat file handling that allows any user to hijack another user’s session. Documents do not specify the exact vulnerable component or root cause details beyond the stored XSS in chat. Impact is de...
CVE-2020-24765
InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request...
Server side request forgery (ssrf)
InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request...
CVE-2020-24765
InterMind iMind Server up to version 3.13.65 is affected by an unauthenticated remote read of the self‑diagnostic archive via the endpoint /api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1. The issue allows remote attackers to access diagnostic archives, and reports describe ...
CVE-2020-24765
InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request. Recent assessments: trump88 at October 10, 2020 6:25am UTC reported: Authentication Bypass...