CVE-2023-27592
PUBLISHED
CVSS 4.8 MEDIUM
Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler
EPSS 0.57% · 68.9th percentile
Risk Scores
CVSS v3.1
4.8
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
EPSS Score
0.57%
68.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| miniflux.app | v2 | 2.0.25 |
| miniflux_project | miniflux | 2.0.25 |
| miniflux | v2 | >= 2.0.25, < 2.0.43 |
Timeline
- Mar 13, 2023 Fix PR Merged
- Mar 17, 2023 CVE Published
- Mar 17, 2023 PoC Published
- Mar 18, 2023 EPSS Score
- Apr 26, 2023 EPSS Score
- Jun 3, 2023 EPSS Score
- Jul 12, 2023 EPSS Score
- Aug 19, 2023 EPSS Score
- Sep 27, 2023 EPSS Score
- Nov 4, 2023 EPSS Score
- Dec 13, 2023 EPSS Score
- Jan 20, 2024 EPSS Score
References
- https://github.com/miniflux/v2/security/advisories/GHSA-mqqg-xjhj-wfgw url
- https://github.com/miniflux/v2/pull/1746 url
- https://github.com/miniflux/v2/blob/b2fd84e0d376a3af6329b9bb2e772ce38a25c31c/ui/proxy.go#L76 url
- https://github.com/miniflux/v2/blob/b2fd84e0d376a3af6329b9bb2e772ce38a25c31c/ui/proxy.go#L90 url
- https://github.com/miniflux/v2/releases/tag/2.0.25 url
- https://github.com/miniflux/v2/releases/tag/2.0.43 url
- https://miniflux.app/docs/configuration.html#proxy-images url
- https://nvd.nist.gov/vuln/detail/CVE-2023-27592 advisory
- https://github.com/miniflux/v2 package