Lucene search
Veracode Vulnerability DatabaseVERACODE:28654HistoryDec 21, 2020 - 5:31 a.m.
Cross-site Scripting (XSS)
2020-12-2105:31:41
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
openslides
vulnerability
cross-site scripting
attack
injection
EPSS
0.001
Percentile
49.0%
openslides is vulnerable to cross-site scirpting (XSS). An attacker is able to inject a malicious script via various places, e.g. for personal notes or in motions and get it executed when other users read the respective text.
References
github.com/OpenSlides/OpenSlides/blob/master/CHANGELOG.rst#version-33-2020-12-18
github.com/OpenSlides/OpenSlides/commit/6eae497abeab234418dfbd9d299e831eff86ed45
github.com/OpenSlides/OpenSlides/commit/f3809fc8a97ee305d721662a75f788f9e9d21938
github.com/OpenSlides/OpenSlides/pull/5714
github.com/OpenSlides/OpenSlides/security/advisories/GHSA-w5wr-98qm-jx92
www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-043.txt
Related
redhatcve
redhatcve
CVE-2020-26280
2022-05-20 22:40:30
osv
osv
PYSEC-2020-72
2020-12-18 19:15:00
CVE-2020-26280
2020-12-18 19:15:14
nvd
nvd
CVE-2020-26280
2020-12-18 19:15:14
cve
cve
CVE-2020-26280
2020-12-18 19:15:14
cvelist
cvelist
CVE-2020-26280 XSS in OpenSlides
2020-12-18 18:25:16
prion
prion
Cross site scripting
2020-12-18 19:15:00