CVE-2020-26249 HIGH

CVE-2020-26249: Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability

Vendor: Cog-Creators
Product: Red-Dashboard
Weakness: CWE-79 (XSS)
Published: December 8, 2020
Last update: August 4, 2024

CVSS base score

7.7/10
Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01 Description

Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a, an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserver front-end code. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. This high-severity exploit has been fixed in version 0.1.7a. There are no workarounds; bot owners must upgrade their relevant packages (Dashboard module and Dashboard webserver) in order to patch this issue.

Key dates

02 Disclosure timeline

December 8, 2020: CVE published
August 4, 2024: Record updated

Related vulnerabilities

04 Related CVE