Vulnerabilities > Wallabag

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2023-0737 Cross-Site Request Forgery (CSRF) vulnerability in Wallabag 2.5.2
wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint.
network
low complexity
wallabag CWE-352
6.5
6.5
2023-08-21 CVE-2023-4454 Cross-Site Request Forgery (CSRF) vulnerability in Wallabag
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.
network
low complexity
wallabag CWE-352
5.7
5.7
2023-08-21 CVE-2023-4455 Cross-Site Request Forgery (CSRF) vulnerability in Wallabag
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.
network
low complexity
wallabag CWE-352
6.5
6.5
2023-07-10 CVE-2023-3566 Allocation of Resources Without Limits or Throttling vulnerability in Wallabag 2.5.4
A vulnerability was found in wallabag 2.5.4.
network
low complexity
wallabag CWE-770
6.5
6.5
2023-03-05 CVE-2023-0734 Improper Authorization vulnerability in Wallabag
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4.
network
low complexity
wallabag CWE-285
5.3
5.3
2023-02-07 CVE-2023-0735 Cross-Site Request Forgery (CSRF) vulnerability in Wallabag
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4.
network
low complexity
wallabag CWE-352
6.5
6.5
2023-02-07 CVE-2023-0736 Cross-site Scripting vulnerability in Wallabag
Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4.
network
low complexity
wallabag CWE-79
5.4
5.4
2023-02-01 CVE-2023-0609 Improper Authorization vulnerability in Wallabag
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.
network
low complexity
wallabag CWE-285
4.3
4.3
2023-02-01 CVE-2023-0610 Improper Authorization vulnerability in Wallabag
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.
network
low complexity
wallabag CWE-285
4.3
4.3
2018-09-21 CVE-2018-11352 Cross-site Scripting vulnerability in Wallabag
The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page.
network
high complexity
wallabag CWE-79
4.0
4.0