Lucene search

CVE-2023-27592

🗓️ 17 Mar 2023 20:13:15Reported by GitHub_MType

Miniflux v2.0.25 allows XSS via crafted RSS fee

Reporter	Title	Published	Views	Family All 8
Vulnrichment	CVE-2023-27592 Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler	17 Mar 202319:04	–	vulnrichment
NVD	CVE-2023-27592	17 Mar 202320:15	–	nvd
AlpineLinux	CVE-2023-27592	17 Mar 202320:15	–	alpinelinux
Cvelist	CVE-2023-27592 Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler	17 Mar 202319:04	–	cvelist
Veracode	Cross-site Scripting (XSS)	20 Mar 202323:46	–	veracode
Veracode	Cross-Site Scripting (XSS)	28 Mar 202305:04	–	veracode
Prion	Design/Logic Flaw	17 Mar 202320:15	–	prion
OSV	CVE-2023-27592	17 Mar 202320:15	–	osv

Nvd

Vulners

Node

miniflux_project minifluxRange2.0.25–2.0.43go

[
  {
    "vendor": "miniflux",
    "product": "v2",
    "versions": [
      {
        "version": ">= 2.0.25, < 2.0.43",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/miniflux/v2/security/advisories/GHSA-mqqg-xjhj-wfgw
github	www.github.com/miniflux/v2/releases/tag/2.0.43
github	www.github.com/miniflux/v2/blob/b2fd84e0d376a3af6329b9bb2e772ce38a25c31c/ui/proxy.go
github	www.github.com/miniflux/v2/blob/b2fd84e0d376a3af6329b9bb2e772ce38a25c31c/ui/proxy.go
github	www.github.com/miniflux/v2/releases/tag/2.0.25
github	www.github.com/miniflux/v2/pull/1746
miniflux	www.miniflux.app/docs/configuration.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 Mar 2023 20:15Current

5.6Medium risk

Vulners AI Score5.6

CVSS34.8 - 5.4

EPSS0.00106

SSVC

CWE-79