19 matches found
CVE-2026-27835
wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, RepetitionsConfigViewSet and MaxRepetitionsConfigViewSet return all users' repetition config data because their getqueryset calls .all instead of filtering by the authenticated user. Any registered user...
CVE-2023-38758
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...
GHSA-8M9P-3926-GFFR wger Workout Manager Cross-site Scripting vulnerability
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...
CVE-2023-38759
Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
CVE-2023-38759
Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
CVE-2023-38758
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...
Cross site request forgery (csrf)
Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
PYSEC-2023-144
Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
PYSEC-2023-143
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...
PYSEC-2023-143
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...
CVE-2023-38758
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...
wger Cross-Site Scripting Vulnerability
wger is a self-hosted FLOSS fitness/exercise, nutrition and weight tracker written in Django. A security vulnerability exists in wger Workout Manager version v.2.2.0a3, which stems from a cross-site scripting vulnerability that allows remote attackers to gain privileges...
CVE-2023-38758
Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the licenseauthor field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components...
CVE-2023-38759
Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
CVE-2023-38759
CVE-2023-38759 describes a Cross-Site Request Forgery (CSRF) vulnerability in the wger Project, Workout Manager version 2.2.0a3. The issue enables a remote attacker to gain privileges via the user-management features, affecting multiple components/files (e.g., gym.py, reset_user_password.html, ov...
CVE-2023-38758
The CVE-2023-38758 entry concerns wger Workout Manager v2.2.0a3, with a Cross-Site Scripting flaw exploitable via the license_author field in the add-ingredient workflow (templates/ingredients/view.html, models/ingredients.py, views/ingredients.py). The underlying issue is a stored/ reflected XSS...
CVE-2023-38759
Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
wger Cross-Site Request Forgery Vulnerability
wger is a self-hosted FLOSS fitness/exercise, nutrition and weight tracker written in Django. A security vulnerability exists in wger Workout Manager version v.2.2.0a3, which stems from the presence of a cross-site request forgery CSRF vulnerability that allows remote attackers to gain privileges...
PT-2023-26585 · Unknown · Wger Workout Manager
Name of the Vulnerable Software and Affected Versions: wger Workout Manager version 2.2.0a3 Description: A Cross Site Scripting issue allows a remote attacker to gain privileges via the license author field in the add-ingredient function in the templates/ingredients/view.html,...