Vulnerabilities > Wallabag

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2023-0737 Unspecified vulnerability in Wallabag 2.5.2
wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint.
network
low complexity
wallabag
6.5
2023-08-21 CVE-2023-4454 Unspecified vulnerability in Wallabag
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.
network
low complexity
wallabag
5.7
2023-08-21 CVE-2023-4455 Unspecified vulnerability in Wallabag
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.
network
low complexity
wallabag
6.5
2023-07-10 CVE-2023-3566 Unspecified vulnerability in Wallabag 2.5.4
A vulnerability was found in wallabag 2.5.4.
network
low complexity
wallabag
6.5
2023-03-05 CVE-2023-0734 Unspecified vulnerability in Wallabag
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4.
network
low complexity
wallabag
5.3
2023-02-07 CVE-2023-0735 Unspecified vulnerability in Wallabag
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4.
network
low complexity
wallabag
6.5
2023-02-07 CVE-2023-0736 Unspecified vulnerability in Wallabag
Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4.
network
low complexity
wallabag
5.4
2023-02-01 CVE-2023-0609 Unspecified vulnerability in Wallabag
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.
network
low complexity
wallabag
4.3
2023-02-01 CVE-2023-0610 Unspecified vulnerability in Wallabag
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.
network
low complexity
wallabag
4.3
2018-09-21 CVE-2018-11352 Cross-site Scripting vulnerability in Wallabag
The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page.
network
high complexity
wallabag CWE-79
4.0