Lucene search

Tt-rss Security Vulnerabilities

cve

CVE-2017-16896

A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login...

9.8CVSS

9.8AI Score

0.002EPSS

2022-10-03 04:23 PM

cve

CVE-2021-28373

The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...

7.5CVSS

7.5AI Score

0.001EPSS

2021-03-13 09:15 PM

cve

CVE-2020-25789

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG...

6.1CVSS

6.3AI Score

0.001EPSS

2020-09-19 09:15 PM

cve

CVE-2020-25787

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting...

9.8CVSS

9.3AI Score

0.31EPSS

2020-09-19 09:15 PM

cve

CVE-2020-25788

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error...

8.1CVSS

7.9AI Score

0.002EPSS

2020-09-19 09:15 PM

cve

CVE-2017-1000035

Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener...

6.1CVSS

5.9AI Score

0.001EPSS

2017-07-17 01:18 PM