CVE-2020-25789

Опубликовано: 19 сент. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.

Ссылки

https://blog.neagaru.com/p/exploiting-tiny-tiny-rss-2020
https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
Vendor Advisory
https://git.tt-rss.org/fox/tt-rss/commit/da5af2fae091041cca27b24b6f0e69e4a6d0dc60
Patch
Vendor Advisory
https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
Vendor Advisory
https://git.tt-rss.org/fox/tt-rss/commit/da5af2fae091041cca27b24b6f0e69e4a6d0dc60
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tt-rss:tiny_tiny_rss:*:*:*:*:*:*:*:*

Версия до 2020-09-16 (исключая)

EPSS

Процентиль: 67%

0.00528

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-25789

CVSS3: 6.1

ubuntu

больше 5 лет назад

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.

CVE-2020-25789

CVSS3: 6.1

debian

больше 5 лет назад

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-1 ...

GHSA-63f3-68q8-wr22

CVSS3: 6.1

github

больше 3 лет назад

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.

EPSS

Процентиль: 67%

0.00528

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79