FreshRSS Security Vulnerabilities

CVE-2023-22481

FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in cleartext in users/_/log_api.txt when authentication fails. The issue occurs in authorizationToUser() in greader.php. If there is an issue with the request or the...

CVSS: 5.5 | AI Score: 5.6 | EPSS: 0.0004

2023-03-06 06:15 PM
CVE-2022-23497

FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (bcrypt with cost 9, salted) of the FreshRSS Web interface. If the API is used, the configuration might contain a...

CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.002

2022-12-09 11:15 PM
CVE-2018-19782

Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a...

CVSS: 6.1 | AI Score: 6 | EPSS: 0.008

2019-01-30 03:29 PM