Puncsky Touchbase.Ai vulnerabilities
4 known vulnerabilities affecting puncsky/touchbase.ai.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM3LOW1
Vulnerabilities
Page 1 of 1
CVE-2020-26218P3MEDIUMCVSS 6.1PoCfixed in 2.02020-11-11
CVE-2020-26218 [MEDIUM] CWE-79 CVE-2020-26218: touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an a
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0.
nvd
CVE-2020-26221P4MEDIUMCVSS 6.1fixed in 2.02020-11-11
CVE-2020-26221 [MEDIUM] CWE-79 CVE-2020-26221: touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability allow
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. The issue is patched in version 2.0.
nvd
CVE-2020-26219P4MEDIUMCVSS 6.1fixed in 2.02020-11-11
CVE-2020-26219 [MEDIUM] CWE-601 CVE-2020-26219: touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from t
touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can b
nvd
CVE-2020-26220P4LOWCVSS 3.5fixed in 2.02020-11-11
CVE-2020-26220 [LOW] CWE-200 CVE-2020-26220: toucbase.ai before version 2.0 leaks information by not stripping exif data from images. Anyone with
toucbase.ai before version 2.0 leaks information by not stripping exif data from images. Anyone with access to the uploaded image of other users could obtain its geolocation, device, and software version data etc (if present. The issue is fixed in version 2.0.
nvd