Filtered by vendor Deluge-torrent
Subscribe
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-3427 | 1 Deluge-torrent | 1 Deluge | 2022-10-16 | N/A | 6.1 MEDIUM |
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session. | |||||
CVE-2017-7178 | 2 Debian, Deluge-torrent | 2 Debian Linux, Deluge | 2020-07-08 | 6.8 MEDIUM | 8.8 HIGH |
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin. | |||||
CVE-2017-9031 | 1 Deluge-torrent | 1 Deluge | 2017-11-03 | 7.5 HIGH | 9.8 CRITICAL |
The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file. |