← Back

Freshrss

freshrss

Vendor: Freshrss • 22 CVEs

CVEs (22)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-23497
1Freshrss
1Freshrss
Nov 21, 2024
Dec 9, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (brypt with cost 9, salted) of Fr...Show more
FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (brypt with cost 9, salted) of FreshRSS Web interface. If the API is used, the configuration might contain a hashed password (brypt with cost 9, salted) of the GReader API, and a hashed password (MD5 salted) of the Fever API. Users should update to version 1.20.2 or edge. Users unable to upgrade can apply the patch manually or delete the file `./FreshRSS/p/ext.php`.Show less
CVE-2018-19782
1Freshrss
1Freshrss
Nov 21, 2024
Jan 30, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter.