PyPI package

sickrage

pkg:pypi/sickrage

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-25925	—	>= 4.2.0, < 10.0.11.dev2	10.0.11.dev2	Apr 12, 2021	in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a us
CVE-2021-25926	—	>= 9.3.54, < 10.0.11.dev2	10.0.11.dev2	Apr 12, 2021	In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out a
CVE-2018-9160	—	< 2018.03.09-1	2018.03.09-1	Mar 31, 2018	SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.

CVE-2021-25925Apr 12, 2021
affected >= 4.2.0, < 10.0.11.dev2fixed 10.0.11.dev2
in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a us
CVE-2021-25926Apr 12, 2021
affected >= 9.3.54, < 10.0.11.dev2fixed 10.0.11.dev2
In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out a
CVE-2018-9160Mar 31, 2018
affected < 2018.03.09-1fixed 2018.03.09-1
SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.