Lucene search
+L
Tt-rssTiny Tiny Rss

6 matches found

CVE
CVE
added 2021/03/13 8:19 p.m.87 views

CVE-2021-28373

The vulnerability CVE-2021-28373 affects Tiny Tiny RSS (tt-rss) via the auth_internal plugin. The root issue allows an attacker to log in using an OTP code without a valid password, as reported for TT-RSS prior to 2021-03-12. The condition occurred on the git master branch for a short period; pro...

7.5CVSS7.5AI score0.00934EPSS
CVE
CVE
added 2020/09/19 8:18 p.m.86 views

CVE-2020-25787

CVE-2020-25787 affects Tiny Tiny RSS (tt-rss) prior to 2020-09-16. The issue is that tt-rss does not validate all URLs before requesting them, enabling potential remote code execution as described by multiple sources. A number of connected documents provide concrete details: a known remote code e...

10CVSS9.3AI score0.18417EPSS
Web
CVE
CVE
added 2020/09/19 8:18 p.m.59 views

CVE-2020-25788

Tiny Tiny RSS (tt-rss) before 2020-09-16 contains a vulnerability in imgproxy (plugins/af_proxy_http/init.php) where $_REQUEST["url"] is mishandled in an error message. Root cause: improper handling of the URL parameter in error output. Impact indicators in the provided data show high severity (C...

8.1CVSS7.9AI score0.01193EPSS
Web
CVE
CVE
added 2020/09/19 8:17 p.m.55 views

CVE-2020-25789

CVE-2020-25789 concerns Tiny Tiny RSS (tt-rss) before 2020-09-16. The issue, described across connected sources, is that the cached_url feature mishandles JavaScript inside an SVG document. The available documents denote this as the root cause but do not provide explicit exploit paths, affected v...

6.1CVSS6.3AI score0.00883EPSS
CVE
CVE
added 2017/11/20 4:0 p.m.52 views

CVE-2017-16896

CVE-2017-16896 affects Tiny Tiny RSS 17.4, specifically the forgotpass component’s login parameter. Multiple connected entries confirm a SQL injection in classes/handler/public.php, producing high/severe impact (NVD metrics: CVSSv2 7.5 MED/ HIGH; CVSSv3 9.8 CRITICAL) with network reach and no aut...

9.8CVSS9.8AI score0.01478EPSS
Web
CVE
CVE
added 2017/07/13 8:0 p.m.49 views

CVE-2017-1000035

CVE-2017-1000035 affects Tiny Tiny RSS prior to 829d478f, where an XSS window.opener vulnerability exists. The root cause is a cross-site scripting flaw in the application’s handling of window.opener context, potentially allowing script injection in affected sessions. Referenced patch/commit 829d...

6.1CVSS5.9AI score0.00888EPSS