Skip to main content

Tiny Tiny Rss

6 CVEs product

Monthly

CVE-2021-28373 HIGH PATCH This Week

The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Tiny Tiny Rss
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-25789 MEDIUM PATCH This Month

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tiny Tiny Rss
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-25788 HIGH PATCH This Week

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure PHP Tiny Tiny Rss
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-25787 CRITICAL POC PATCH THREAT Act Now

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tiny Tiny Rss
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
18.4%
CVE-2017-16896 CRITICAL PATCH Act Now

A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Tiny Tiny Rss
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-1000035 MEDIUM This Month

Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tiny Tiny Rss
NVD
CVSS 3.0
6.1
EPSS
0.2%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Tiny Tiny Rss
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tiny Tiny Rss
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure PHP Tiny Tiny Rss
NVD
EPSS 18% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tiny Tiny Rss
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Tiny Tiny Rss
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tiny Tiny Rss
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy