4 matches found
CVE-2024-25808
Cross-site Request Forgery CSRF vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function...
CVE-2024-25807
Cross Site Scripting XSS vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album...
CVE-2024-25807
Lychee 3.1.6 is affected by a Cross Site Scripting (XSS) vulnerability exploitable via the title parameter when creating an album. The root cause is an XSS flaw in the album-creation flow, allowing remote attackers to execute arbitrary code and access sensitive information. The PT-Security entry ...
CVE-2024-25807
Cross Site Scripting XSS vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album...