CVE-2023-1496
CVE-2023-1496 affects the Imgproxy project prior to version 3.14.0, where a reflected Cross-site Scripting (XSS) vulnerability exists in imgproxy/imgproxy. The root cause is reflected XSS in the web interface, allowing an attacker to execute arbitrary JavaScript in the victim’s browser. Reported ...
CVE-2023-1496 Cross-site Scripting (XSS) - Reflected in imgproxy/imgproxy
Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0...
imgproxy cross-site scripting vulnerability
imgproxy is a fast and secure standalone server, maintained by an individual developer, for tweaking and converting remote images. A cross-site scripting vulnerability exists in imgproxy versions prior to 3.14.0, which stems from the presence of reflected cross-site scripting (XSS)...
SVG Sanitization Bypass - XSS
Description: In the imgproxy application, we bypassed the SVG sanitization function. In this way, an attacker can craft a malicious SVG file and run JavaScript on the application. Proof of Concept: Here is the content of the malicious SVG file. After that you can call this SVG file like below...
PT-2023-2370 · Imgproxy · Imgproxy
Name of the Vulnerable Software and Affected Versions: imgproxy versions prior to 3.14.0 Description: The issue is related to Cross-site Scripting (XSS) - Reflected, which can be exploited by a remote attacker to perform cross-site scripting attacks using a specially crafted SVG file. This is due to...
DEBIAN-CVE-2020-25788
An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...
CVE-2020-25788
An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...
Code injection
An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...
UBUNTU-CVE-2020-25788
An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...
CVE-2020-25788
Tiny Tiny RSS (tt-rss) before 2020-09-16 contains a vulnerability in imgproxy (plugins/af_proxy_http/init.php) where $_REQUEST["url"] is mishandled in an error message. Root cause: improper handling of the URL parameter in error output. Impact indicators in the provided data show high severity (C...
PT-2020-16208
Name of the Vulnerable Software and Affected Versions: Tiny Tiny RSS versions prior to 2020-09-16 Description: A problem was discovered in Tiny Tiny RSS where the imgproxy function in the plugins/af_proxy_http/init.php file mishandles the url variable in an error message. Recommendations: For versio...
tt-rss -- multiple vulnerabilities
tt-rss project reports: The cachedurl feature mishandles JavaScript inside an SVG document. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message. It does not validate all URLs before requesting them. Allows remote attackers to execute arbitrary PHP code via a...