4 matches found
CVE-2020-26218
CVE-2020-26218 affects touchbase.ai prior to version 2.0 and is a Cross-Site Scripting vulnerability that lets attackers inject HTML payloads, potentially causing defacement and user redirection to malicious pages. The issue is mitigated by upgrading to version 2.0, which patches the vulnerabilit...
CVE-2020-26219
Touchbase.ai prior to version 2.0 is affected by an Open Redirect vulnerability. The issue allows redirection to attacker-controlled content and can lead to information/credential theft and, in some cases, cross-site scripting. The advisory notes the vulnerability is fixed in version 2.0. Remedia...
CVE-2020-26221
The CVE-2020-26221 entry concerns touchbase.ai before version 2.0, where a Cross-Site Scripting (XSS) vulnerability exists in the affected web application. The flaw allows an attacker to inject JavaScript that can hijack a user’s cookie/session tokens, redirect users to malicious pages, or cause ...
CVE-2020-26220
The CVE-2020-26220 entry describes a data disclosure in toucbase.ai where images uploaded by users fail to have EXIF data stripped. The underlying issue allows an attacker with access to another user’s uploaded image to obtain embedded EXIF details such as geolocation, device name, and software/v...