5 matches found
Puncsky Touchbase.ai cross-site scripting vulnerability (CNVD-2020-66598)
Puncsky Touchbase.ai is a web platform for interpersonal relationships by Puncsky Individual Developers. A cross-site scripting vulnerability exists in versions prior to touchbase.ai 2.0, which can be exploited by an attacker to send malicious JavaScript code that hijacks a user's cookie session...
Puncsky Touchbase.ai Cross-Site Scripting Vulnerability
Puncsky Touchbase.ai is a web platform for interpersonal relationships by Puncsky Individual Developers. A cross-site scripting vulnerability exists in versions prior to touchbase.ai 2.0, which can be exploited by an attacker to inject an HTML payload, resulting in damage, user redirection to a...
Puncsky Touchbase.ai Information Disclosure Vulnerability
Puncsky Touchbase.ai is a web platform for interpersonal relationships by Puncsky Individual Developers. A security vulnerability exists in versions prior to touchbase.ai 2.0, which stems from a failure to strip exif data from an image, thus leaking information. Anyone with access to an image...
CVE-2020-26219
touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection...
CVE-2020-26218
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0...