Medium severity6.1NVD Advisory· Published Nov 5, 2020· Updated Jun 17, 2026
CVE-2020-26505
CVE-2020-26505
Description
A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow an attacker to perform unauthorized actions in the application on behalf of legitimate users or spread malware via the application. By using the “Assets Upload” function, an attacker can abuse the upload function to upload a malicious PDF file containing a stored XSS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- www2.deloitte.com/de/de/pages/risk/articles/marmind-xss.htmlnvdExploitThird Party Advisory
- www.marmind.com/en/nvdVendor Advisory
News mentions
0No linked articles in our index yet.