CVE-2020-26505
Last modified
CVE-2020-26505 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow an attacker to perform unauthorized actions in the application on behalf of legitimate users or spread malware via the application. EPSS estimates a 0.70% chance of exploitation in the next 30 days.
Description
A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow an attacker to perform unauthorized actions in the application on behalf of legitimate users or spread malware via the application. By using the “Assets Upload” function, an attacker can abuse the upload function to upload a malicious PDF file containing a stored XSS.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Marmind | Marmind | 4.1.141.0 |
References
- https://www.marmind.com/en/Vendor Advisory
- https://www2.deloitte.com/de/de/pages/risk/articles/marmind-xss.html?nc=1Exploit, Third Party Advisory
- https://www.marmind.com/en/Vendor Advisory
- https://www2.deloitte.com/de/de/pages/risk/articles/marmind-xss.html?nc=1Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-26505?
How severe is CVE-2020-26505?
How do I fix CVE-2020-26505?
Are you affected by CVE-2020-26505?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST