Webcit Security Vulnerabilities and Issues — Webcit CVE List

Lucene search

CitadelWebcit

4 matches found

cve•added 2020/10/28 7:15 p.m.•39 views

CVE-2020-27739

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.

9.8CVSS9.4AI score0.02227EPSS

cve•added 2020/10/28 7:15 p.m.•33 views

CVE-2020-27742

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...

6.5CVSS6.3AI score0.00161EPSS

cve•added 2020/10/28 7:15 p.m.•31 views

CVE-2020-27740

Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.

5.3CVSS5.4AI score0.00409EPSS

cve•added 2020/10/28 7:15 p.m.•29 views

CVE-2020-27741

Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.

6.1CVSS6.1AI score0.00336EPSS