Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1
CVE-2021-3427
- EPSS 0.57%
- Veröffentlicht 26.08.2022 16:15:08
- Zuletzt bearbeitet 21.11.2024 06:21:28
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary J...
9.8
CVE-2017-9031
- EPSS 0.51%
- Veröffentlicht 17.05.2017 19:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file.
8.8
CVE-2017-7178
- EPSS 1.23%
- Veröffentlicht 18.03.2017 20:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable thi...
1