Cado Security Gets $1.5 Million Seed

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-25398
PUBLISHED: 2020-11-05

CSV Injection exists in InterMind iMind Server through 3.13.65 via the CSV export functionality.

CVE-2020-25399
PUBLISHED: 2020-11-05

Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user’s session by sending a malicious file in the chat.

CVE-2020-26506
PUBLISHED: 2020-11-05

An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control of files uploaded by administrative users. The accessed files were not visible to the low-privileged users in the web GUI.

CVE-2020-28115
PUBLISHED: 2020-11-05

SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter.

CVE-2020-28047
PUBLISHED: 2020-11-05

AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitrary web script or HTML via ‘action, cargo, panel’ parameters that can lead to data leakage…
