Tiny Tiny RSS
Products (3)
- 4 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-25787 | | Cri | 0.68 | 9.8 | 0.18 | | Sep 19, 2020 | An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them. |
| CVE-2017-16896 | | Cri | 0.64 | 9.8 | 0.01 | | Nov 20, 2017 | A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. |
| CVE-2020-25788 | | Hig | 0.53 | 8.1 | 0.01 | | Sep 19, 2020 | An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message. |
| CVE-2021-28373 | | Hig | 0.49 | 7.5 | 0.01 | | Mar 13, 2021 | The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git… |
| CVE-2020-25789 | | Med | 0.40 | 6.1 | 0.01 | | Sep 19, 2020 | An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document. |
| CVE-2017-1000035 | | Med | 0.40 | 6.1 | 0.01 | | Jul 17, 2017 | Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack |