Walla Telesite
Products
2- 9 CVEs
- 4 CVEs
Recent CVEs
13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-0737 | Med | 0.35 | 6.5 | 0.00 | Nov 15, 2024 | wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4. | ||
| CVE-2023-4455 | Med | 0.35 | 6.5 | 0.00 | Aug 21, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. | ||
| CVE-2023-0735 | Med | 0.35 | 6.5 | 0.00 | Feb 7, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4. | ||
| CVE-2023-4454 | Med | 0.30 | 5.7 | 0.00 | Aug 21, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. | ||
| CVE-2023-0736 | Med | 0.28 | 5.4 | 0.00 | Feb 7, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4. | ||
| CVE-2023-0734 | Med | 0.27 | 5.3 | 0.01 | Mar 5, 2023 | Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. | ||
| CVE-2023-3566 | Low | 0.23 | 3.5 | 0.01 | Jul 10, 2023 | A vulnerability was found in wallabag 2.5.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /config of the component Profile Config. The manipulation of the argument Name leads to allocation of resources. The exploit… | ||
| CVE-2023-0610 | Med | 0.21 | 4.3 | 0.00 | Feb 1, 2023 | Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | ||
| CVE-2023-0609 | Med | 0.21 | 4.3 | 0.01 | Feb 1, 2023 | Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | ||
| CVE-2005-3576 | 0.03 | — | 0.03 | Nov 16, 2005 | ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to access privileged information by entering the article number in tsurl parameter. | |||
| CVE-2005-3579 | 0.03 | — | 0.03 | Nov 16, 2005 | ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to access arbitrary local files via the querystring. | |||
| CVE-2005-3577 | 0.03 | — | 0.02 | Nov 16, 2005 | Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the sug parameter. | |||
| CVE-2005-3578 | 0.03 | — | 0.01 | Nov 16, 2005 | SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary SQL commands via the sug parameter. |
- risk 0.35cvss 6.5epss 0.00
wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4.
- risk 0.35cvss 6.5epss 0.00
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.
- risk 0.35cvss 6.5epss 0.00
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4.
- risk 0.30cvss 5.7epss 0.00
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.
- risk 0.28cvss 5.4epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4.
- risk 0.27cvss 5.3epss 0.01
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4.
- risk 0.23cvss 3.5epss 0.01
A vulnerability was found in wallabag 2.5.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /config of the component Profile Config. The manipulation of the argument Name leads to allocation of resources. The exploit…
- risk 0.21cvss 4.3epss 0.00
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.
- risk 0.21cvss 4.3epss 0.01
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.
- CVE-2005-3576Nov 16, 2005risk 0.03cvss —epss 0.03
ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to access privileged information by entering the article number in tsurl parameter.
- CVE-2005-3579Nov 16, 2005risk 0.03cvss —epss 0.03
ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to access arbitrary local files via the querystring.
- CVE-2005-3577Nov 16, 2005risk 0.03cvss —epss 0.02
Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the sug parameter.
- CVE-2005-3578Nov 16, 2005risk 0.03cvss —epss 0.01
SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary SQL commands via the sug parameter.