Lucene search
MitreCVELIST:CVE-2020-26891HistoryOct 19, 2020 - 4:47 p.m.
CVE-2020-26891
2020-10-1916:47:17
mitre
www.cve.org
4
cve-2020-26891
matrix synapse
xss
session parameter
remote attacker
malicious url.
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth//fallback/web or /_matrix/client/unstable/auth//fallback/web Synapse endpoints.
Related
veracode
veracode
Cross-Site Scripting (XSS)
2020-10-19 05:49:26
osv
osv
CVE-2020-26891
2020-10-19 17:15:13
PYSEC-2020-238
2020-10-19 17:15:00
github
github
alpinelinux
alpinelinux
CVE-2020-26891
2020-10-19 17:15:13
ubuntucve
ubuntucve
CVE-2020-26891
2020-10-19 00:00:00
freebsd
freebsd
py-matrix-synapse -- XSS vulnerability
2020-10-01 00:00:00
archlinux
archlinux
[ASA-202011-4] matrix-synapse: cross-site scripting
2020-11-03 00:00:00
cve
cve
CVE-2020-26891
2020-10-19 17:15:13
nessus
nessus
prion
prion
Design/Logic Flaw
2020-10-19 17:15:00
nvd
nvd
CVE-2020-26891
2020-10-19 17:15:13
debiancve
debiancve
CVE-2020-26891
2020-10-19 17:15:13