Telescope
by Telescopeapp
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3454 | Hig | 0.42 | 7.5 | 0.03 | Sep 6, 2017 | TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack. | ||
| CVE-2014-5144 | Med | 0.38 | 5.4 | 0.02 | Aug 9, 2017 | Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown. |
- risk 0.42cvss 7.5epss 0.03
TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack.
- risk 0.38cvss 5.4epss 0.02
Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown.