Vulnerabilities > TT RSS

DATE CVE VULNERABILITY TITLE RISK
2021-03-13 CVE-2021-28373 Incorrect Authorization vulnerability in Tt-Rss Tiny RSS 17.4/20200916
The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password.
network
low complexity
tt-rss CWE-863
5.0
5.0
2020-09-19 CVE-2020-25789 Cross-site Scripting vulnerability in Tt-Rss Tiny RSS 17.4
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16.
network
tt-rss CWE-79
4.3
4.3
2020-09-19 CVE-2020-25788 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Tt-Rss Tiny RSS 17.4
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16.
network
tt-rss CWE-829
6.8
6.8
2020-09-19 CVE-2020-25787 Improper Input Validation vulnerability in Tt-Rss Tiny RSS 17.4
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16.
network
low complexity
tt-rss CWE-20
critical
 10.0
10
2017-11-20 CVE-2017-16896 SQL Injection vulnerability in Tt-Rss Tiny RSS 17.4
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.
network
low complexity
tt-rss CWE-89
7.5
7.5
2017-07-17 CVE-2017-1000035 Cross-site Scripting vulnerability in Tt-Rss Tiny RSS
Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack
network
tt-rss CWE-79
4.3
4.3