Filtered by vendor Wallabag
Subscribe
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0734 | 1 Wallabag | 1 Wallabag | 2023-03-09 | N/A | 5.3 MEDIUM |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. | |||||
| CVE-2023-0736 | 1 Wallabag | 1 Wallabag | 2023-02-15 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4. | |||||
| CVE-2023-0735 | 1 Wallabag | 1 Wallabag | 2023-02-15 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4. | |||||
| CVE-2023-0609 | 1 Wallabag | 1 Wallabag | 2023-02-08 | N/A | 4.3 MEDIUM |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | |||||
| CVE-2023-0610 | 1 Wallabag | 1 Wallabag | 2023-02-08 | N/A | 4.3 MEDIUM |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | |||||
| CVE-2018-11352 | 1 Wallabag | 1 Wallabag | 2018-11-09 | 2.1 LOW | 4.0 MEDIUM |
| The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the configuration page. The vulnerability can be exploited with authentication and used to target administrators and steal their sessions. | |||||