4 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-25789
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. The cachedurl feature mishandles JavaScript inside an SVG document. CVE-2020-25789 Note...
FreeBSD : tt-rss -- multiple vulnerabilities (2eec1e85-faf3-11ea-8ac0-4437e6ad11c4)
tt-rss project reports : The cachedurl feature mishandles JavaScript inside an SVG document. imgproxy in plugins/afproxyhttp/init.php mishandles $REQUEST'url' in an error message. It does not validate all URLs before requesting them. Allows remote attackers to execute arbitrary PHP code via a...
CVE-2020-25789
An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. The cachedurl feature mishandles JavaScript inside an SVG document...
CVE-2020-25789
CVE-2020-25789 concerns Tiny Tiny RSS (tt-rss) before 2020-09-16. The issue, described across connected sources, is that the cached_url feature mishandles JavaScript inside an SVG document. The available documents denote this as the root cause but do not provide explicit exploit paths, affected v...