CVE-2020-26938

In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741.

Publication date: Thu, 08 Sep 2022 01:15:00 +0000

Cyber News related to CVE-2020-26938

CVE-2020-26938 - In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a ...
1 year ago

CVE-2023-26938 - ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2019-9587. Reason: This record is a reservation duplicate of CVE-2019-9587. Notes: All CVE users should reference CVE-2019-9587 instead of this record. All references and descriptions in this ...
1 year ago

CVE-2022-26932 - Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26938, CVE-2022-26939. ...
2 years ago

CVE-2022-26938 - Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26932, CVE-2022-26939. ...
1 year ago

CVE-2022-26939 - Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26932, CVE-2022-26938. ...
1 year ago

CVE-2021-26938 - ** DISPUTED ** A stored XSS issue exists in henriquedornas 5.2.17 via online live chat. NOTE: Third parties report that no such product exists. That henriquedornas is the web design agency and 5.2.17 is simply the PHP version running on this hosts. ...
3 years ago

CVE-2024-26938 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago

CVE-2020-1246 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1266 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1262 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1275 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1264 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1276 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1274 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1237 - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1246, CVE-2020-1262, ...
3 years ago

CVE-2020-1307 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1273 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1316 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1269 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
2 years ago

CVE-2020-0986 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, ...
2 years ago

CVE-2020-0632 - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, ...
3 years ago

CVE-2020-0626 - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, ...
3 years ago

CVE-2020-0631 - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, ...
3 years ago

CVE-2020-0629 - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, ...
3 years ago

CVE-2020-0768 - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, ...
3 years ago

Latest Cyber News

CVE-2025-22214 - 11 hours ago
CVE-2024-56829 - 11 hours ago
CVE-2025-0168 - 1 day ago
CVE-2024-11846 - 1 day ago
CVE-2024-56020 - 1 day ago
CVE-2024-56021 - 1 day ago
CVE-2024-23436 - 1 day ago
CVE-2024-23437 - 1 day ago
CVE-2024-23438 - 1 day ago
CVE-2024-23420 - 1 day ago
CVE-2024-23421 - 1 day ago
CVE-2024-23422 - 1 day ago
CVE-2024-23423 - 1 day ago
CVE-2024-23424 - 1 day ago
CVE-2024-23425 - 1 day ago
CVE-2024-23426 - 1 day ago
CVE-2024-23427 - 1 day ago
CVE-2024-23428 - 1 day ago
CVE-2024-23429 - 1 day ago
CVE-2024-23430 - 1 day ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-11846 - 1 day ago
CVE-2025-0168 - 1 day ago
CVE-2024-56829 - 11 hours ago
CVE-2025-22214 - 11 hours ago
CVE-2024-45497 - 2 days ago
CVE-2024-13067 - 2 days ago
CVE-2024-49422 - 2 days ago
CVE-2024-56211 - 2 days ago
CVE-2024-56212 - 2 days ago
CVE-2024-56213 - 2 days ago
CVE-2024-56214 - 2 days ago
CVE-2024-56216 - 2 days ago
CVE-2024-56218 - 2 days ago
CVE-2024-56220 - 2 days ago
CVE-2024-56222 - 2 days ago
CVE-2024-56229 - 2 days ago
CVE-2024-56230 - 2 days ago
CVE-2024-56232 - 2 days ago
CVE-2024-12105 - 2 days ago
CVE-2024-12106 - 2 days ago