3 matches found
CVE-2024-27926
RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, ahen the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...
CVE-2024-27926 RSSHub Cross-site Scripting vulnerability caused by internal media proxy
RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, ahen the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...
CVE-2024-27926
RSSHub (Node.js) is affected by a Cross-site Scripting (XSS) vulnerability in the internal media proxy. A crafted image sent to the proxy from versions 1.0.0-master.cbbd829 up to, but not including, 1.0.0-master.d8ca915, can bypass sanitization and allow execution of arbitrary JavaScript code whe...