admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-08 03:26:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2020/CVE-2020-10146.md

19 lines
942 B
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2020-10146](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10146)
![](https://img.shields.io/static/v1?label=Product&message=Teams&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%20on%20or%20about%20October%202020%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen)
### Description
The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for all Teams users in the online service on or around October 2020.
### POC
#### Reference
- https://github.com/oskarsve/ms-teams-rce
Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00
- https://github.com/oskarsve/ms-teams-rce
Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink