72 matches found
CVE-2024-27927 RSSHub vulnerable to SSRF in /mastodon, /zjoi, and /m4
RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service DoS attacks. The attacker ca...
CVE-2024-27927 RSSHub vulnerable to SSRF in /mastodon, /zjoi, and /m4
RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service DoS attacks. The attacker ca...
CVE-2024-27927 RSSHub vulnerable to SSRF in /mastodon, /zjoi, and /m4
RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service DoS attacks. The attacker ca...
CVE-2024-27927
CVE-2024-27927 affects RSSHub (prior to 1.0.0-master.a429472). The issue is Server-Side Request Forgery (SSRF) that lets unauthenticated remote actors use the RSSHub server as a proxy to generate HTTP GET requests to arbitrary targets, potentially leaking the server IP or internal-network details...
CVE-2024-27926 RSSHub Cross-site Scripting vulnerability caused by internal media proxy
RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, ahen the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...
CVE-2024-27926 RSSHub Cross-site Scripting vulnerability caused by internal media proxy
RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, ahen the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...
CVE-2024-27926
RSSHub (Node.js) is affected by a Cross-site Scripting (XSS) vulnerability in the internal media proxy. A crafted image sent to the proxy from versions 1.0.0-master.cbbd829 up to, but not including, 1.0.0-master.d8ca915, can bypass sanitization and allow execution of arbitrary JavaScript code whe...
CVE-2024-27926 RSSHub Cross-site Scripting vulnerability caused by internal media proxy
RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, ahen the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...
GHSA-3P3P-CGJ7-VGW3 RSSHub vulnerable to Server-Side Request Forgery
Summary Serveral Server-Side Request Forgery SSRF vulnerabilities in RSSHub allow remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service DoS attacks. Details...
RSSHub vulnerable to Server-Side Request Forgery
Summary Serveral Server-Side Request Forgery SSRF vulnerabilities in RSSHub allow remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service DoS attacks. Details...
GHSA-2WQW-HR4F-XRHH RSSHub Cross-site Scripting vulnerability caused by internal media proxy
Impact When the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected. Patches This vulnerability was fixed...
PT-2024-22142
Name of the Vulnerable Software and Affected Versions RSSHub versions prior to 1.0.0-master.a429472 Description The issue allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Servi...
PT-2024-22141
Name of the Vulnerable Software and Affected Versions RSSHub versions 1.0.0-master.cbbd829 through 1.0.0-master.d8ca915 Description RSSHub is an open source RSS feed generator. When a specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS...
Cross-site Scripting (XSS)
rsshub is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the improper sanitisation of special characters in parameter.js which allows an attacker to inject and execute malicious JavaScript into the browser...
Cross-site Scripting (XSS)
rsshub is vulnerable to Cross-site Scripting XSS attacks. The vulnerability is due to the URL parameter improperly sanitizating special characters, which allows an attacker to inject and execute malicious JavaScript through the error page on a victim's browser...
CVE-2023-26491
RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructe...
Design/Logic Flaw
RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructe...
CVE-2023-26491 RSSHub is vulnerable to cross-site scripting (XSS) via unvalidated URL parameters
RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructe...
CVE-2023-26491
RSSHub is affected by a cross-site scripting (XSS) vulnerability caused by improper handling of certain special characters in URL parameters. The issue allows an attacker to execute arbitrary JavaScript when users access a deliberately constructed URL. A fix was committed in version c910c4d28717f...
CVE-2023-26491 RSSHub is vulnerable to cross-site scripting (XSS) via unvalidated URL parameters
RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructe...