6 matches found
CVE-2021-28373
The vulnerability CVE-2021-28373 affects Tiny Tiny RSS (tt-rss) via the auth_internal plugin. The root issue allows an attacker to log in using an OTP code without a valid password, as reported for TT-RSS prior to 2021-03-12. The condition occurred on the git master branch for a short period; pro...
CVE-2020-25787
CVE-2020-25787 affects Tiny Tiny RSS (tt-rss) prior to 2020-09-16. The issue is that tt-rss does not validate all URLs before requesting them, enabling potential remote code execution as described by multiple sources. A number of connected documents provide concrete details: a known remote code e...
CVE-2020-25788
Tiny Tiny RSS (tt-rss) before 2020-09-16 contains a vulnerability in imgproxy (plugins/af_proxy_http/init.php) where $_REQUEST["url"] is mishandled in an error message. Root cause: improper handling of the URL parameter in error output. Impact indicators in the provided data show high severity (C...
CVE-2020-25789
CVE-2020-25789 concerns Tiny Tiny RSS (tt-rss) before 2020-09-16. The issue, described across connected sources, is that the cached_url feature mishandles JavaScript inside an SVG document. The available documents denote this as the root cause but do not provide explicit exploit paths, affected v...
CVE-2017-16896
CVE-2017-16896 affects Tiny Tiny RSS 17.4, specifically the forgotpass component’s login parameter. Multiple connected entries confirm a SQL injection in classes/handler/public.php, producing high/severe impact (NVD metrics: CVSSv2 7.5 MED/ HIGH; CVSSv3 9.8 CRITICAL) with network reach and no aut...
CVE-2017-1000035
CVE-2017-1000035 affects Tiny Tiny RSS prior to 829d478f, where an XSS window.opener vulnerability exists. The root cause is a cross-site scripting flaw in the application’s handling of window.opener context, potentially allowing script injection in affected sessions. Referenced patch/commit 829d...