Log

AVG-1248 edited at 18 Oct 2020 11:25:53
Advisory qualified
- No
+ Yes
AVG-1248 edited at 18 Oct 2020 11:25:51
Status
- Vulnerable
+ Fixed
Fixed
+ 5.9.1.arch1-1
Advisory qualified
- Yes
+ No
AVG-1248 edited at 18 Oct 2020 11:25:46
Issues
CVE-2020-12351
CVE-2020-12352
- CVE-2020-16119
CVE-2020-24490
AVG-1248 edited at 18 Oct 2020 11:24:02
Issues
CVE-2020-12351
CVE-2020-12352
+ CVE-2020-16119
CVE-2020-24490
AVG-1240 edited at 18 Oct 2020 11:21:32
Status
- Fixed
+ Vulnerable
Fixed
- 6.8.0-1
AVG-1240 edited at 16 Oct 2020 15:06:40
Status
- Testing
+ Fixed
AVG-1207 edited at 15 Oct 2020 20:29:26
Status
- Testing
+ Fixed
AVG-1252 edited at 15 Oct 2020 15:54:16
Status
- Testing
+ Fixed
AVG-1252 edited at 15 Oct 2020 15:23:29
Status
- Vulnerable
+ Testing
Affected
- 1.21.0-1
+ 1.20.1-1
Fixed
+ 1.21.0-1
AVG-1252 edited at 15 Oct 2020 15:22:37
Severity
- Unknown
+ High
CVE-2020-26891 edited at 15 Oct 2020 15:22:37
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Cross-site scripting
Description
+ A security issue has been found in matrix-synapse before 1.21.0, where HTML pages served via Synapse were vulnerable to cross-site scripting (XSS) attacks
References
+ https://github.com/matrix-org/synapse/releases/tag/v1.21.2
+ https://github.com/matrix-org/synapse/pull/8444
Notes