Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MatrixSynapse

3 matches found

CVE
CVEadded 2020/11/24 3:15 a.m.113 views

CVE-2020-26890

Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the ...

7.5CVSS7.4AI score0.00955EPSS
CVE
CVEadded 2020/10/19 5:15 p.m.102 views

CVE-2020-26891

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/...

6.1CVSS5.9AI score0.00616EPSS
CVE
CVEadded 2020/12/09 7:15 p.m.90 views

CVE-2020-26257

Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a /send_join, /send_leave, /invit...

6.5CVSS6.6AI score0.00453EPSS