Jeremy Benoist - Security Researcher - Exploit Intelligence Platform

CVE-2023-0610 WRITEUP MEDIUM WRITEUP

wallabag < 2.5.3 - Improper Authorization

Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.

CVSS 4.3

View Code

CVE-2023-0734 WRITEUP MEDIUM WRITEUP

wallabag < 2.5.4 - Improper Authorization

Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4.

CVSS 5.3

View Code

CVE-2023-0735 WRITEUP MEDIUM WRITEUP

wallabag < 2.5.4 - Cross-Site Request Forgery

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4.

CVSS 6.5

View Code

CVE-2023-0736 WRITEUP MEDIUM WRITEUP

wallabag < 2.5.4 - Stored Cross-Site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4.

CVSS 5.4

View Code

CVE-2023-0737 WRITEUP MEDIUM WRITEUP

wallabag < 2.5.4 - Cross-Site Request Forgery via Account Delete Endpoint

wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4.

CVSS 6.5

View Code