Download
| Alert*
oval:org.secpod.oval:def:2004153
An issue was discovered in Tiny Tiny RSS before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message. oval:org.secpod.oval:def:605156 tt-rss is installed oval:org.secpod.oval:def:704743 tt-rss is installed oval:org.secpod.oval:def:2004154 An issue was discovered in Tiny Tiny RSS before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document. oval:org.secpod.oval:def:2004155 An issue was discovered in Tiny Tiny RSS before 2020-09-16. It does not validate all URLs before requesting them. oval:org.secpod.oval:def:1900998 A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. oval:org.secpod.oval:def:1901617 Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack |