RSS   Podatności dla 'Lin-cms-flask'   RSS

2021-08-16
 
CVE-2020-18698

CWE-307
 

 
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'.

 
 
CVE-2020-18699

CWE-79
 

 
Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'.

 
 
CVE-2020-18701

CWE-863
 

 
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets.

 


Copyright 2021, cxsecurity.com

 

Back to Top