Vulnerabilities > Wger

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-08	CVE-2023-38758	Cross-site Scripting vulnerability in Wger Workout Manager 2.2.0 Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components. network low complexity wger CWE-79	5.4
2023-08-08	CVE-2023-38759	Cross-Site Request Forgery (CSRF) vulnerability in Wger Workout Manager 2.2.0 Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components. network low complexity wger CWE-352	8.8
2022-11-24	CVE-2022-2650	Improper Restriction of Excessive Authentication Attempts vulnerability in Wger Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2. network low complexity wger CWE-307 critical	9.8

Vulnerabilities > Wger {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Wger"}]}