Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FreshRSS has Logout CSRF that Leads to DoS via <track src>
Vulnerability Description
FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service via <track src>. Version 1.27.1 patches the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
FreshRSS 安全漏洞
Vulnerability Description
FreshRSS是FreshRSS开源的一个免费的、可自行托管的 RSS 聚合器。 FreshRSS 1.27.1之前版本存在安全漏洞,该漏洞源于注销功能存在跨站请求伪造漏洞,可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A