2 matches found
CVE-2020-23014
APfell 1.4 is vulnerable to authenticated reflected cross-site scripting XSS in /apiui/command through the payloadtypescallback function, which allows an attacker to steal remote admin/user session and/or adding new users to the administration panel...
CVE-2020-23014
CVE-2020-23014 affects APfell 1.4 with an authenticated reflected XSS in /apiui/command_ via payloadtypes_callback. The vulnerability can enable theft of admin/user sessions and addition of new users to the administration panel. Public sources in the connected Red Hat advisory reiterate the issue...