Vulnerabilities > TT RSS

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2021-03-13 | CVE-2021-28373 | Incorrect Authorization vulnerability in Tt-Rss Tiny RSS 17.4/20200916 | The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. | network | low complexity | tt-rss CWE-863 | 7.5 |
| 2020-09-19 | CVE-2020-25789 | Cross-site Scripting vulnerability in Tt-Rss Tiny RSS 17.4 | An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. | network | low complexity | tt-rss CWE-79 | 6.1 |
| 2020-09-19 | CVE-2020-25788 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Tt-Rss Tiny RSS 17.4 | An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. | network | high complexity | tt-rss CWE-829 | 8.1 |
| 2020-09-19 | CVE-2020-25787 | Improper Input Validation vulnerability in Tt-Rss Tiny RSS 17.4 | An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. | network | low complexity | tt-rss CWE-20 | critical 9.8 |
| 2017-11-20 | CVE-2017-16896 | SQL Injection vulnerability in Tt-Rss Tiny RSS 17.4 | A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. | network | low complexity | tt-rss CWE-89 | critical 9.8 |
| 2017-07-17 | CVE-2017-1000035 | Cross-site Scripting vulnerability in Tt-Rss Tiny RSS | Tiny Tiny RSS before 829d478f is vulnerable to an XSS window.opener attack. | network | low complexity | tt-rss CWE-79 | 6.1 |