VYPR
Vendor

Tiny Tiny RSS

Products
3
CVEs
6
Across products
7
Status
Private

Products

3

Recent CVEs

6
  • CVE-2020-25787CriSep 19, 2020
    risk 0.68cvss 9.8epss 0.18

    An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.

  • CVE-2017-16896CriNov 20, 2017
    risk 0.64cvss 9.8epss 0.01

    A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.

  • CVE-2020-25788HigSep 19, 2020
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.

  • CVE-2021-28373HigMar 13, 2021
    risk 0.49cvss 7.5epss 0.01

    The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git…

  • CVE-2020-25789MedSep 19, 2020
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.

  • CVE-2017-1000035MedJul 17, 2017
    risk 0.40cvss 6.1epss 0.01

    Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack