ByteOS Network

wger

Source -

NVD

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

3Vulnerabilities found

CVE-2023-38758

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.08% / 24.46%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 00:00

Updated-10 Oct, 2024 | 18:53

Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components.

Vendor-wger n/a

Product-workout_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-38759

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.34% / 55.85%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 00:00

Updated-10 Oct, 2024 | 19:00

Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components.

Vendor-wger n/a

Product-workout_manager n/a

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2022-2650

Assigner-Protect AI (formerly huntr.dev)

View Details

Assigner-Protect AI (formerly huntr.dev)

CVSS Score-7.8||HIGH

EPSS-0.15% / 36.17%

7 Day CHG~0.00%

Published-24 Nov, 2022 | 00:00