VYPR

Marmind

by Marmind

CVEs (3)

  • CVE-2020-26507HigNov 5, 2020
    risk 0.51cvss 7.8epss 0.01

    A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing formula code in the “Notes” functionality in the main screen, an attacker can…

  • CVE-2020-26505MedNov 5, 2020
    risk 0.40cvss 6.1epss 0.01

    A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow an attacker…

  • CVE-2020-26506MedNov 5, 2020
    risk 0.28cvss 4.3epss 0.01

    An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed files were not visible by the low privileged users in the web GUI.