CVE search results

1 – 6 of 6 results

Detailed view

Sort by:

CVE-2021-28373

Medium priority

Not affected

The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all...

1 affected package

tt-rss

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tt-rss	—	—	Not in release	Not affected

CVE-2020-25789

Medium priority

Needs evaluation

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.

1 affected package

tt-rss

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tt-rss	Needs evaluation	Needs evaluation	Not in release	Needs evaluation

CVE-2020-25788

Medium priority

Needs evaluation

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.

1 affected package

tt-rss

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tt-rss	Needs evaluation	Needs evaluation	Not in release	Needs evaluation

CVE-2020-25787

Medium priority

Needs evaluation

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.

1 affected package

tt-rss

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tt-rss	Needs evaluation	Needs evaluation	Not in release	Needs evaluation

CVE-2017-16896

Medium priority

Vulnerable

A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.

1 affected package

tt-rss

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tt-rss	Not affected	Vulnerable	Not in release	Vulnerable

CVE-2017-1000035

Medium priority

Vulnerable

Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack

1 affected package

tt-rss

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tt-rss	Not affected	Not affected	Not in release	Not affected

Search CVE reports