wallabag/wallabag Security Advisories for 1.9beta2 (5)
-
[MEDIUM] CSRF leading to delete account in wallabag/wallabag
PKSA-62vh-rqjc-f5hc CVE-2023-0737 GHSA-99w8-c5f6-96pp
Affected version: <2.5.4
Reported by:
GitHub -
[MEDIUM] Wallabag vulnerable to Allocation of Resources Without Limits or Throttling
PKSA-vwxb-cgc5-dhmx CVE-2023-3566 GHSA-6qq7-3hqc-p5w4
Affected version: <=2.5.4
Reported by:
GitHub -
[MEDIUM] Wallabag Improper Authorization vulnerability
PKSA-hbyb-nbdj-8w6v CVE-2023-0734 GHSA-8ccw-f83g-v7g3
Affected version: <2.5.4
Reported by:
GitHub -
[MEDIUM] Cross-Site Request Forgery (CSRF) in wallabag/wallabag
PKSA-fk8j-yrtn-xxzw CVE-2023-0735 GHSA-2qxp-xmx6-cq4f
Affected version: <2.5.4
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting (XSS) in wallabag/wallabag
PKSA-s8hr-qk43-x2k7 CVE-2023-0736 GHSA-3x2c-87cq-qx49
Affected version: <2.5.4
Reported by:
GitHub