Leepeuker

Movary

8 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.01%
  • Published 18.04.2026 00:16:38
  • Last modified 20.04.2026 19:03:07

Movary is a self-hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through `POST /settings/jellyfin/server-url-verify`. The...

  • EPSS 0.01%
  • Published 18.04.2026 00:16:38
  • Last modified 20.04.2026 19:03:07

Movary is a self-hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can escalate their own account to administrator by sending `isAdmin=true` to `PUT /settings/users/{userId}` for their o...

  • EPSS 0.04%
  • Published 18.04.2026 00:07:33
  • Last modified 20.04.2026 19:03:07

Movary is a self-hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints `/settings/users` and use them to enumerate all users and create a new adminis...

Exploit
  • EPSS 0.13%
  • Published 19.01.2026 18:35:21
  • Last modified 02.02.2026 15:17:06

Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryCreated=`. V...

Exploit
  • EPSS 0.11%
  • Published 19.01.2026 18:32:50
  • Last modified 03.02.2026 14:47:15

Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryDeleted=`. V...

Exploit
  • EPSS 0.11%
  • Published 19.01.2026 18:27:25
  • Last modified 03.02.2026 14:48:00

Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryUpdated=`. V...

Exploit
  • EPSS 0.04%
  • Published 30.10.2025 17:39:19
  • Last modified 08.12.2025 15:34:33

Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open red...

Exploit
  • EPSS 0.04%
  • Published 30.10.2025 17:32:41
  • Last modified 08.12.2025 15:34:41

Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vul...