CVE-2019-13020
The CVE-2019-13020 issue affects Tightrope Media Carousel prior to 7.1.3. The vulnerability stems from the CarouselAPI/v0/fetch?url= endpoint, enabling SSRF. Risks described include: (1) phishing-style content hijacking the user’s trust with the site and browser by serving malicious content from ...