Maxum: community verdicts
3 notable / known-exploited Maxum CVEs the community has triaged.
- CVE-2020-27575HIGH 8.8Real · low riskEPSS 5%
Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation.
- CVE-2020-27574HIGH 8.8Real · low riskEPSS 1%
Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user.
- CVE-2020-27576MED 5.4EPSS 1%
Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability.