Tt-Rss Tiny Tiny Rss vulnerabilities
5 known vulnerabilities affecting tt-rss/tiny_tiny_rss.
Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2020-25787 | P2 | CRITICAL | CVSS 9.8 | CWE-20 | PoC | fixed in 2020-09-16 | 2020-09-19
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.
nvd
CVE-2017-16896 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v17.4 | 2017-11-20
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.
nvd
CVE-2021-28373 | P3 | HIGH | CVSS 7.5 | CWE-863 | fixed in 2021-03-12 | 2021-03-13
The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in production. Semantic version numbers such as 21.03 appear
nvd
CVE-2020-25788 | P3 | HIGH | CVSS 8.1 | CWE-829 | fixed in 2020-09-16 | 2020-09-19
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.
nvd
CVE-2020-25789 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2020-09-16 | 2020-09-19
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
nvd