Security Advisory

CVE-2020-9388 - API Endpoints are not protected against CSRF

CVE: CVE-2020-9388 Description Cross-Site Request Forgery (CSRF) is an attack that enables a malicious actor to execu...
CVE-2020-9389 - Username enumeration possible via a timing attack

CVE: CVE-2020-9389 Description Username enumeration is the ability to find out valid usernames with an automated proc...
CVE-2020-9390 - Stored cross-site scripting

CVE: CVE-2020-9390 Description Cross-site scripting (XSS) enable attackers to bring malicious content into a website ...