Lucene search
K

72 matches found

Vulnrichment
Vulnrichment
added 2024/03/06 8:42 p.m.21 views

CVE-2024-27927 RSSHub vulnerable to SSRF in /mastodon, /zjoi, and /m4

RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service DoS attacks. The attacker ca...

6.5CVSS6.6AI score0.01044EPSS
Exploits1References6
OSV
OSV
added 2024/03/06 8:42 p.m.33 views

CVE-2024-27927 RSSHub vulnerable to SSRF in /mastodon, /zjoi, and /m4

RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service DoS attacks. The attacker ca...

6.5CVSS6.2AI score0.01044EPSS
Exploits1References8
Cvelist
Cvelist
added 2024/03/06 8:42 p.m.45 views

CVE-2024-27927 RSSHub vulnerable to SSRF in /mastodon, /zjoi, and /m4

RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service DoS attacks. The attacker ca...

6.5CVSS6.5AI score0.01044EPSS
Exploits1References6
CVE
CVE
added 2024/03/06 8:42 p.m.80 views

CVE-2024-27927

CVE-2024-27927 affects RSSHub (prior to 1.0.0-master.a429472). The issue is Server-Side Request Forgery (SSRF) that lets unauthenticated remote actors use the RSSHub server as a proxy to generate HTTP GET requests to arbitrary targets, potentially leaking the server IP or internal-network details...

6.5CVSS6.3AI score0.01044EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2024/03/06 8:36 p.m.48 views

CVE-2024-27926 RSSHub Cross-site Scripting vulnerability caused by internal media proxy

RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, ahen the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...

6.1CVSS6.3AI score0.00521EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 8:36 p.m.37 views

CVE-2024-27926 RSSHub Cross-site Scripting vulnerability caused by internal media proxy

RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, ahen the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...

6.1CVSS6.1AI score0.00521EPSS
Exploits0References4
CVE
CVE
added 2024/03/06 8:36 p.m.77 views

CVE-2024-27926

RSSHub (Node.js) is affected by a Cross-site Scripting (XSS) vulnerability in the internal media proxy. A crafted image sent to the proxy from versions 1.0.0-master.cbbd829 up to, but not including, 1.0.0-master.d8ca915, can bypass sanitization and allow execution of arbitrary JavaScript code whe...

6.1CVSS6.2AI score0.00521EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/06 8:36 p.m.14 views

CVE-2024-27926 RSSHub Cross-site Scripting vulnerability caused by internal media proxy

RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, ahen the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...

6.1CVSS6.2AI score0.00521EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 5:3 p.m.13 views

GHSA-3P3P-CGJ7-VGW3 RSSHub vulnerable to Server-Side Request Forgery

Summary Serveral Server-Side Request Forgery SSRF vulnerabilities in RSSHub allow remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service DoS attacks. Details...

6.5CVSS6.5AI score0.01044EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2024/03/06 5:3 p.m.29 views

RSSHub vulnerable to Server-Side Request Forgery

Summary Serveral Server-Side Request Forgery SSRF vulnerabilities in RSSHub allow remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service DoS attacks. Details...

6.5CVSS7AI score0.01044EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2024/03/06 5:2 p.m.19 views

GHSA-2WQW-HR4F-XRHH RSSHub Cross-site Scripting vulnerability caused by internal media proxy

Impact When the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected. Patches This vulnerability was fixed...

6.1CVSS6.1AI score0.00521EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/06 12:0 a.m.4 views

PT-2024-22142

Name of the Vulnerable Software and Affected Versions RSSHub versions prior to 1.0.0-master.a429472 Description The issue allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Servi...

6.5CVSS6.6AI score0.01044EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2024/03/06 12:0 a.m.23 views

PT-2024-22141

Name of the Vulnerable Software and Affected Versions RSSHub versions 1.0.0-master.cbbd829 through 1.0.0-master.d8ca915 Description RSSHub is an open source RSS feed generator. When a specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS...

6.1CVSS6.2AI score0.00521EPSS
Exploits0References9
Veracode
Veracode
added 2023/03/14 11:41 a.m.24 views

Cross-site Scripting (XSS)

rsshub is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the improper sanitisation of special characters in parameter.js which allows an attacker to inject and execute malicious JavaScript into the browser...

6.1CVSS6AI score0.00434EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2023/03/04 9:1 p.m.8 views

Cross-site Scripting (XSS)

rsshub is vulnerable to Cross-site Scripting XSS attacks. The vulnerability is due to the URL parameter improperly sanitizating special characters, which allows an attacker to inject and execute malicious JavaScript through the error page on a victim's browser...

4.8AI score
Exploits0
NVD
NVD
added 2023/03/03 11:15 p.m.31 views

CVE-2023-26491

RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructe...

6.1CVSS5.7AI score0.00434EPSS
Exploits0References2
Prion
Prion
added 2023/03/03 11:15 p.m.19 views

Design/Logic Flaw

RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructe...

5.8CVSS6.1AI score0.00434EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/03/03 10:41 p.m.33 views

CVE-2023-26491 RSSHub is vulnerable to cross-site scripting (XSS) via unvalidated URL parameters

RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructe...

5.4CVSS6.3AI score0.00434EPSS
Exploits0References2
CVE
CVE
added 2023/03/03 10:41 p.m.73 views

CVE-2023-26491

RSSHub is affected by a cross-site scripting (XSS) vulnerability caused by improper handling of certain special characters in URL parameters. The issue allows an attacker to execute arbitrary JavaScript when users access a deliberately constructed URL. A fix was committed in version c910c4d28717f...

6.1CVSS5.8AI score0.00434EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/03 10:41 p.m.7 views

CVE-2023-26491 RSSHub is vulnerable to cross-site scripting (XSS) via unvalidated URL parameters

RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructe...

5.4CVSS6.2AI score0.00434EPSS
Exploits0References2
Rows per page
Query Builder