Lucene search
K

4 matches found

Circl
Circl
added 2023/03/17 11:31 p.m.5 views

CVE-2023-27592

creationtimestamp| type| source ---|---|--- 2023-03-17 23:31:46+00:00| published-proof-of-concept| https://t.me/cibsecurity/60272...

5.4CVSS5.4AI score0.00586EPSS
Exploits0References1
NVD
NVD
added 2023/03/17 8:15 p.m.33 views

CVE-2023-27592

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

5.4CVSS5.6AI score0.00586EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2023/03/17 7:4 p.m.7 views

CVE-2023-27592 Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

4.8CVSS5.9AI score0.00586EPSS
Exploits0References7
CVE
CVE
added 2023/03/17 7:4 p.m.73 views

CVE-2023-27592

Miniflux CVE-2023-27592 is a stored XSS affecting v2.0.25 and later via the image proxy path. When an outbound Go HTTP request fails, html.ServerError is returned unescaped and without the CSP header, enabling an attacker to craft an RSS item with an tag using a malicious srcset (e.g., http:a). ...

5.4CVSS5.6AI score0.00586EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder