How severe is CVE-2020-26574?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.6 out of 10.

What type of vulnerability is CVE-2020-26574?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2020-26574 - CRITICAL Severity | CVSS 9.6

Vulnerability Description

Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Related Vulnerabilities

CVE-2011-3642

CRITICAL

CVSS:9.6(Critical)

Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web scr...

CWE-792011

CVE-2014-5039

CRITICAL

CVSS:9.6(Critical)

Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-792014

CVE-2015-10073

CRITICAL

CVSS:9.6(Critical)

A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1 on MediaWiki. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Proper...

CWE-792015

CVE-2015-20105

CRITICAL

CVSS:9.6(Critical)

The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due t...

CWE-792015

CVE-2018-18864

CRITICAL

CVSS:9.6(Critical)

Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.

CWE-792018

CVE-2019-13363

CRITICAL

CVSS:9.6(Critical)

admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail&...

CWE-792019