Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/04/05 6:33 p.m.19 views

CVE-2025-31483

Miniflux is a feed reader. Due to a weak Content Security Policy on the /proxy/ route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. To mitigate the vulnerability, the CSP for the media proxy has been changed...

4.8CVSS6.3AI score0.00384EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/03 6:7 p.m.15 views

CVE-2025-31483 Stored XSS in Miniflux Media Proxy due to improper Content-Security-Policy configuration

Miniflux is a feed reader. Due to a weak Content Security Policy on the /proxy/ route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. To mitigate the vulnerability, the CSP for the media proxy has been changed...

4.8CVSS6.6AI score0.00384EPSS
Exploits0References2
CVE
CVE
added 2025/04/03 6:7 p.m.81 views

CVE-2025-31483

The CVE-2025-31483 vulnerability affects Miniflux (a feed reader) where a weak Content Security Policy on the /proxy/* route allowed bypassing the media proxy CSP and executing cross-site scripting when external images were opened in a new tab/window. Root cause: insufficient CSP controls for the...

4.8CVSS6.6AI score0.00384EPSS
Exploits0References2
OSV
OSV
added 2025/04/03 6:7 p.m.17 views

CVE-2025-31483 Stored XSS in Miniflux Media Proxy due to improper Content-Security-Policy configuration

Miniflux is a feed reader. Due to a weak Content Security Policy on the /proxy/ route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. To mitigate the vulnerability, the CSP for the media proxy has been changed...

4.8CVSS6AI score0.00384EPSS
Exploits0References4
Rows per page
Query Builder