4 matches found
CVE-2023-27592
creationtimestamp| type| source ---|---|--- 2023-03-17 23:31:46+00:00| published-proof-of-concept| https://t.me/cibsecurity/60272...
CVE-2023-27592
Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...
CVE-2023-27592 Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler
Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...
CVE-2023-27592
Miniflux CVE-2023-27592 is a stored XSS affecting v2.0.25 and later via the image proxy path. When an outbound Go HTTP request fails, html.ServerError is returned unescaped and without the CSP header, enabling an attacker to craft an RSS item with an tag using a malicious srcset (e.g., http:a). ...