---

CVE-2020-26891 - log back

CVE-2020-26891 edited at 03 Nov 2020 08:51:39
Description	- A security issue has been found in matrix-synapse before 1.21.0, where HTML pages served via Synapse were vulnerable to cross-site scripting (XSS) attacks + A security issue has been found in matrix-synapse before 1.21.0, where HTML pages served via Synapse were vulnerable to cross-site scripting (XSS) attacks.

CVE-2020-26891 edited at 15 Oct 2020 15:22:37
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Cross-site scripting
Description	+ A security issue has been found in matrix-synapse before 1.21.0, where HTML pages served via Synapse were vulnerable to cross-site scripting (XSS) attacks
References	+ https://github.com/matrix-org/synapse/releases/tag/v1.21.2 + https://github.com/matrix-org/synapse/pull/8444
Notes

CVE-2020-26891 created at 15 Oct 2020 15:20:30