Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6028 | 1 Torrentflux Project | 1 Torrentflux | 2020-01-30 | 4.0 MEDIUM | N/A |
| TorrentFlux 2.4 allows remote authenticated users to obtain other users' cookies via the cid parameter in an editCookies action to profile.php. | |||||
| CVE-2014-6029 | 1 Torrentflux Project | 1 Torrentflux | 2020-01-30 | 4.9 MEDIUM | N/A |
| TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php. | |||||
| CVE-2014-6027 | 1 Torrentflux Project | 1 Torrentflux | 2018-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details. | |||||