Lucene search
+L

4 matches found

OSV
OSV
added 2025/04/09 5:5 p.m.22 views

GO-2025-3591 Miniflux Media Proxy vulnerable to Stored Cross-site Scripting due to improper Content-Security-Policy configuration in miniflux.app

Miniflux Media Proxy vulnerable to Stored Cross-site Scripting due to improper Content-Security-Policy configuration in miniflux.app...

4.8CVSS6.5AI score0.00384EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/04/04 2:9 p.m.19 views

Miniflux Media Proxy vulnerable to Stored Cross-site Scripting due to improper Content-Security-Policy configuration

Summary Due to a weak Content Security Policy on the /proxy/ route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. Impact A malicious feed added to Miniflux can execute arbitrary JavaScript in the user's browser...

4.8CVSS6.9AI score0.00384EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/03 6:7 p.m.15 views

CVE-2025-31483 Stored XSS in Miniflux Media Proxy due to improper Content-Security-Policy configuration

Miniflux is a feed reader. Due to a weak Content Security Policy on the /proxy/ route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. To mitigate the vulnerability, the CSP for the media proxy has been changed...

4.8CVSS6.6AI score0.00384EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/03 6:7 p.m.35 views

CVE-2025-31483 Stored XSS in Miniflux Media Proxy due to improper Content-Security-Policy configuration

Miniflux is a feed reader. Due to a weak Content Security Policy on the /proxy/ route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. To mitigate the vulnerability, the CSP for the media proxy has been changed...

4.8CVSS0.00384EPSS
Exploits0References2
Rows per page
Query Builder