CVE-2020-26249

Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability

Description

Red Discord Bot Dashboard (Red-Dashboard) is an easy-to-use interactive web dashboard for controlling a Redbot. In Red-Dashboard before version 0.1.7a, Discord users with specially crafted server names or usernames/nicknames can inject markup and script into the dashboard's front-end pages, because these attacker-controlled strings are rendered into the page without adequate escaping (a stored cross-site scripting issue that the advisory describes as remote code execution). Anyone who abuses this can perform destructive actions through the dashboard and/or access sensitive information in the browser session of whoever views the affected page. This high-severity issue is fixed in version 0.1.7a. There is no workaround: bot owners must upgrade both relevant packages (the Dashboard cog and the Dashboard webserver) to patch the issue.
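As an added illustration that is not Red-Dashboard's own code, the following Python sketch shows the class of bug the advisory describes: a dashboard that interpolates Discord nicknames straight into HTML, next to the hardened rendering that escapes every untrusted value at output time, plus a small audit that parses the rendered page the way a browser would. The member records, the table layout and the payload nickname are constructed for the example; the real dashboard's templates, routes and API endpoints are not reproduced here.

```python
"""Added example (not Red-Dashboard code): a Discord display name becomes
stored XSS when a web dashboard interpolates it into HTML unescaped, and
output escaping at render time neutralises it.  All names, markup and the
payload below are constructed for the example."""
import html
from html.parser import HTMLParser

# Constructed sample: member records as a dashboard might receive them from
# the Discord API.  Discord does not forbid markup characters in nicknames,
# so the third record is something any guild member could set.
MEMBERS = [
    {"nick": "Alice", "id": "1001"},
    {"nick": "Bob & Co.", "id": "1002"},
    {"nick": '<img src=x onerror="fetch(\'/api/admin/token\')">', "id": "1003"},
]


def render_member_row_unsafe(member: dict) -> str:
    """Vulnerable pattern: untrusted strings formatted directly into markup."""
    return f'<tr><td>{member["nick"]}</td><td>{member["id"]}</td></tr>'


def render_member_row_safe(member: dict) -> str:
    """Hardened pattern: escape each untrusted value where it enters HTML.
    quote=True also escapes quotes, so the same helper is safe inside
    attribute values (this is what template autoescaping does for you)."""
    return (
        f'<tr><td>{html.escape(member["nick"], quote=True)}</td>'
        f'<td>{html.escape(member["id"], quote=True)}</td></tr>'
    )


def render_member_table(members, row_renderer) -> str:
    """Builds the whole table with whichever row renderer is passed in."""
    rows = "".join(row_renderer(m) for m in members)
    return f"<table>{rows}</table>"


class _TagAuditor(HTMLParser):
    """Records every tag and every on* event-handler attribute a browser
    would actually parse out of the page (escaped text never reaches here)."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers.extend(name for name, _ in attrs if name.startswith("on"))


# Tags our own template is allowed to emit; anything else came from user data.
ALLOWED_TAGS = {"table", "tr", "td"}


def audit(rendered: str) -> dict:
    """Returns tags not produced by the template and any event handlers."""
    parser = _TagAuditor()
    parser.feed(rendered)
    parser.close()
    return {
        "unexpected_tags": sorted(set(parser.tags) - ALLOWED_TAGS),
        "event_handlers": parser.handlers,
    }


def demo() -> dict:
    """Renders the sample members both ways and audits each result."""
    unsafe = render_member_table(MEMBERS, render_member_row_unsafe)
    safe = render_member_table(MEMBERS, render_member_row_safe)
    return {"unsafe": audit(unsafe), "safe": audit(safe), "safe_html": safe}


if __name__ == "__main__":
    result = demo()
    print("unsafe rendering:", result["unsafe"])   # img tag + onerror handler
    print("safe rendering:  ", result["safe"])     # nothing unexpected
```

The audit deliberately uses an HTML parser rather than a regex: the escaped page still contains the literal text `onerror=`, so a substring check would flag the fixed version too, whereas a parser only reports what a browser would treat as a tag or attribute. The same lesson applies to real template engines: autoescaping gives you the safe variant by default, and the hazard is any place where a nickname or guild name is marked as trusted and inserted raw.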

Severity: High (CVSS score 7.7)
EPSS: 0.41%
Affected: Cog-Creators Red-Dashboard

References

Third-Party Advisory: github.com (three entries)
Third-Party Advisory: pypi.org

Frequently Asked Questions

What is the severity of CVE-2020-26249?
CVE-2020-26249 has been scored as a high severity vulnerability.
How to fix CVE-2020-26249?
To fix CVE-2020-26249, upgrade Red-Dashboard to version 0.1.7a or later, updating both affected packages (the Dashboard cog and the Dashboard webserver). The vendor advisory states that there is no workaround, so upgrading is the only remediation.
Is CVE-2020-26249 being actively exploited in the wild?
As of now, there is no information confirming that CVE-2020-26249 is being actively exploited. Its EPSS score of 0.41% corresponds to an estimated probability of roughly 0.4% that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-26249?
CVE-2020-26249 affects Cog-Creators Red-Dashboard.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.