{"url":"http://public2.vulnerablecode.io/api/packages/610550?format=json","purl":"pkg:composer/wallabag/wallabag@2.3.7","type":"composer","namespace":"wallabag","name":"wallabag","version":"2.3.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.6.11","latest_non_vulnerable_version":"2.6.11","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140132?format=json","vulnerability_id":"VCID-2g1k-7bhh-w3gd","summary":"Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4455","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35971","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3579","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4455"},{"reference_url":"https://github.com/wallabag/wallabag","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag"},{"reference_url":"https://github.com/wallabag/wallabag/security/advisories/GHSA-gjvc-55fw-v6vq","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/security/advisories/GHSA-gjvc-55fw-v6vq"},{"reference_url":"https://huntr.dev/bounties/5ab1b206-5fe8-4737-b275-d705e76f193a/","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.dev/bounties/5ab1b206-5fe8-4737-b275-d705e76f193a/"},{"reference_url":"https://huntr.dev/bounties/5ab1b206-5fe8-4737-b275-d705e76f193a","reference_id":"5ab1b206-5fe8-4737-b275-d705e76f193a","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:03:23Z/"}],"url":"https://huntr.dev/bounties/5ab1b206-5fe8-4737-b275-d705e76f193a"},{"reference_url":"https://github.com/wallabag/wallabag/commit/ffcc5c9062fcc8cd922d7d6d65edbe5efae96806","reference_id":"ffcc5c9062fcc8cd922d7d6d65edbe5efae96806","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:03:23Z/"}],"url":"https://github.com/wallabag/wallabag/commit/ffcc5c9062fcc8cd922d7d6d65edbe5efae96806"},{"reference_url":"https://github.com/advisories/GHSA-gjvc-55fw-v6vq","reference_id":"GHSA-gjvc-55fw-v6vq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gjvc-55fw-v6vq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380605?format=json","purl":"pkg:composer/wallabag/wallabag@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2y3q-gces-gbdx"},{"vulnerability":"VCID-jzng-319m-8feu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.6.3"}],"aliases":["CVE-2023-4455","GHSA-gjvc-55fw-v6vq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2g1k-7bhh-w3gd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360835?format=json","vulnerability_id":"VCID-2y3q-gces-gbdx","summary":"Wallabag user can disable 2FA unintentionally\n## Impact\nwallabag was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily disable 2FA through `/config/otp/app/disable` and `/config/otp/email/disable`.\n\nThis vulnerability has a CVSSv3.1 score of 4.3.\n\n**You should upgrade your instance to version 2.6.7 or higher.**\n\n## Resolution\n\nThese endpoints now require POST method.\n\n## Credits\n\nWe would like to thank @dhina016 for reporting this issue through huntr.dev.\n\nReference: https://huntr.dev/bounties/4c446fe7-2a44-4907-b0cf-4ab77d75c487/","references":[{"reference_url":"https://github.com/wallabag/wallabag","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag"},{"reference_url":"https://github.com/wallabag/wallabag/commit/0cfdddc2eb0aee5ffb69bf499d377d75655ba157","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/0cfdddc2eb0aee5ffb69bf499d377d75655ba157"},{"reference_url":"https://github.com/wallabag/wallabag/security/advisories/GHSA-56fm-hfp3-x3w3","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/security/advisories/GHSA-56fm-hfp3-x3w3"},{"reference_url":"https://huntr.dev/bounties/4c446fe7-2a44-4907-b0cf-4ab77d75c487","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/4c446fe7-2a44-4907-b0cf-4ab77d75c487"},{"reference_url":"https://huntr.dev/bounties/4c446fe7-2a44-4907-b0cf-4ab77d75c487/","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.dev/bounties/4c446fe7-2a44-4907-b0cf-4ab77d75c487/"},{"reference_url":"https://github.com/advisories/GHSA-56fm-hfp3-x3w3","reference_id":"GHSA-56fm-hfp3-x3w3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-56fm-hfp3-x3w3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379201?format=json","purl":"pkg:composer/wallabag/wallabag@2.6.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jzng-319m-8feu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.6.7"}],"aliases":["GHSA-56fm-hfp3-x3w3","GMS-2023-2789"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2y3q-gces-gbdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148631?format=json","vulnerability_id":"VCID-65q9-n4jm-k3cw","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0736","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52959","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52831","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0736"},{"reference_url":"https://github.com/wallabag/wallabag","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0736","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0736"},{"reference_url":"https://github.com/wallabag/wallabag/commit/4e023bddc3622ba5e901cc14a261fcb98d955cd7","reference_id":"4e023bddc3622ba5e901cc14a261fcb98d955cd7","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:31:50Z/"}],"url":"https://github.com/wallabag/wallabag/commit/4e023bddc3622ba5e901cc14a261fcb98d955cd7"},{"reference_url":"https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e","reference_id":"7e6f9614-6a96-4295-83f0-06a240be844e","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:31:50Z/"}],"url":"https://huntr.dev/bounties/7e6f9614-6a96-4295-83f0-06a240be844e"},{"reference_url":"https://github.com/advisories/GHSA-3x2c-87cq-qx49","reference_id":"GHSA-3x2c-87cq-qx49","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3x2c-87cq-qx49"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372844?format=json","purl":"pkg:composer/wallabag/wallabag@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2g1k-7bhh-w3gd"},{"vulnerability":"VCID-2y3q-gces-gbdx"},{"vulnerability":"VCID-jzng-319m-8feu"},{"vulnerability":"VCID-mwh5-ud4b-83fk"},{"vulnerability":"VCID-w4ye-ytxq-4qaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.5.4"}],"aliases":["CVE-2023-0736","GHSA-3x2c-87cq-qx49"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-65q9-n4jm-k3cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148315?format=json","vulnerability_id":"VCID-69dq-pg6x-zffy","summary":"Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0609","reference_id":"","reference_type":"","scores":[{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37072","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.36894","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0609"},{"reference_url":"https://github.com/wallabag/wallabag","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag"},{"reference_url":"https://github.com/wallabag/wallabag/security/advisories/GHSA-qwx8-mxxx-mg96","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/security/advisories/GHSA-qwx8-mxxx-mg96"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0609","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0609"},{"reference_url":"https://github.com/wallabag/wallabag/commit/0f7460dbab9e29f4f7d2944aca20210f828b6abb","reference_id":"0f7460dbab9e29f4f7d2944aca20210f828b6abb","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T20:18:03Z/"}],"url":"https://github.com/wallabag/wallabag/commit/0f7460dbab9e29f4f7d2944aca20210f828b6abb"},{"reference_url":"https://huntr.dev/bounties/3adef66f-fc86-4e6d-a540-2ffa59342ff0","reference_id":"3adef66f-fc86-4e6d-a540-2ffa59342ff0","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T20:18:03Z/"}],"url":"https://huntr.dev/bounties/3adef66f-fc86-4e6d-a540-2ffa59342ff0"},{"reference_url":"https://github.com/advisories/GHSA-qwx8-mxxx-mg96","reference_id":"GHSA-qwx8-mxxx-mg96","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qwx8-mxxx-mg96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380354?format=json","purl":"pkg:composer/wallabag/wallabag@2.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2g1k-7bhh-w3gd"},{"vulnerability":"VCID-2y3q-gces-gbdx"},{"vulnerability":"VCID-65q9-n4jm-k3cw"},{"vulnerability":"VCID-epmp-j39p-puen"},{"vulnerability":"VCID-jzng-319m-8feu"},{"vulnerability":"VCID-tzbv-2x21-dybb"},{"vulnerability":"VCID-w4ye-ytxq-4qaw"},{"vulnerability":"VCID-yytf-h8rc-zuaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.5.3"}],"aliases":["CVE-2023-0609","GHSA-qwx8-mxxx-mg96"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-69dq-pg6x-zffy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148508?format=json","vulnerability_id":"VCID-epmp-j39p-puen","summary":"Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0734","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52995","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52866","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0734"},{"reference_url":"https://github.com/wallabag/wallabag","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag"},{"reference_url":"https://github.com/wallabag/wallabag/releases/tag/2.5.4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/releases/tag/2.5.4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0734","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0734"},{"reference_url":"https://huntr.dev/bounties/a296324c-6925-4f5f-a729-39b0d73d5b8b","reference_id":"a296324c-6925-4f5f-a729-39b0d73d5b8b","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-06T16:29:19Z/"}],"url":"https://huntr.dev/bounties/a296324c-6925-4f5f-a729-39b0d73d5b8b"},{"reference_url":"https://github.com/wallabag/wallabag/commit/acd285dcbb71b595e6320bb1d0d3a44cdf646ac0","reference_id":"acd285dcbb71b595e6320bb1d0d3a44cdf646ac0","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-06T16:29:19Z/"}],"url":"https://github.com/wallabag/wallabag/commit/acd285dcbb71b595e6320bb1d0d3a44cdf646ac0"},{"reference_url":"https://github.com/advisories/GHSA-8ccw-f83g-v7g3","reference_id":"GHSA-8ccw-f83g-v7g3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8ccw-f83g-v7g3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372844?format=json","purl":"pkg:composer/wallabag/wallabag@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2g1k-7bhh-w3gd"},{"vulnerability":"VCID-2y3q-gces-gbdx"},{"vulnerability":"VCID-jzng-319m-8feu"},{"vulnerability":"VCID-mwh5-ud4b-83fk"},{"vulnerability":"VCID-w4ye-ytxq-4qaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.5.4"}],"aliases":["CVE-2023-0734","GHSA-8ccw-f83g-v7g3"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-epmp-j39p-puen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360511?format=json","vulnerability_id":"VCID-jzng-319m-8feu","summary":"wallabag/wallabag Has Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities\n## Impact\n\nwallabag versions prior to 2.6.11 were discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities across several endpoints. An attacker could craft a malicious link or page that, if visited by a logged-in wallabag user, could trick the user's browser into performing unintended actions within their wallabag account without their consent. Additionally, one endpoint affects the login page locale setting.\n\nThe affected endpoints allow attackers to potentially perform actions such as:\n\n* **Manage API Tokens:**\n    * `/generate-token`\n    * `/revoke-token`\n* **Manage User Rules:**\n    * `/tagging-rule/delete/{taggingRule}`\n    * `/ignore-origin-user-rule/delete/{ignoreOriginUserRule}`\n* **Modify User Configuration:**\n    * `/config/view-mode`\n* **Manage Individual Entries:**\n    * `/reload/{id}`\n    * `/archive/{id}`\n    * `/star/{id}`\n    * `/delete/{id}`\n    * `/share/{id}`\n    * `/share/delete/{id}`\n* **Manage Tags:**\n    * `/remove-tag/{entry}/{tag}`\n    * `/tag/search/{filter}`\n    * `/tag/delete/{slug}`\n* **Perform Bulk Actions:**\n    * `/mass`\n* **Change Interface Language (Login Page):**\n    * `/locale/{language}`\n\nSuccessfully exploiting these vulnerabilities could lead to unauthorized modification or deletion of user data, configuration changes, token manipulation, or interface changes, depending on the specific endpoint targeted.\n\nThis set of vulnerabilities has an aggregated CVSS v3.1 score of 4.3 (Medium).\n\n**Users are strongly advised to upgrade their wallabag instance to version 2.6.11 or later to mitigate these vulnerabilities.**\n\n## Resolution\n\nThese vulnerabilities have been addressed in wallabag version **2.6.11**. The affected endpoints have been modified to require the HTTP POST method along with a valid CSRF token for state-changing actions, preventing attackers from forcing users' browsers to perform these actions unintentionally.\n\n## Credits\n\nFound, reported and fixed by @yguedidi","references":[{"reference_url":"https://github.com/wallabag/wallabag","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag"},{"reference_url":"https://github.com/wallabag/wallabag/commit/00d0e6f951927434039465b4d3ae3dd661911172","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/00d0e6f951927434039465b4d3ae3dd661911172"},{"reference_url":"https://github.com/wallabag/wallabag/commit/0d8429dfc77b84f50060b253fd84f1c09b892226","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/0d8429dfc77b84f50060b253fd84f1c09b892226"},{"reference_url":"https://github.com/wallabag/wallabag/commit/264f91126e2c42188b80848c881264da743b4dc1","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/264f91126e2c42188b80848c881264da743b4dc1"},{"reference_url":"https://github.com/wallabag/wallabag/commit/27f0d94db72fb2a54b5965e4e9908a0f418f44b5","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/27f0d94db72fb2a54b5965e4e9908a0f418f44b5"},{"reference_url":"https://github.com/wallabag/wallabag/commit/3817010e29ed368df271cdd11ec71a46a341c673","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/3817010e29ed368df271cdd11ec71a46a341c673"},{"reference_url":"https://github.com/wallabag/wallabag/commit/5ea5115a721651f2af349e8451be8947dad9c814","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/5ea5115a721651f2af349e8451be8947dad9c814"},{"reference_url":"https://github.com/wallabag/wallabag/commit/677b2986bc78df4c7ecfed87a24593fa0553fd3c","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/677b2986bc78df4c7ecfed87a24593fa0553fd3c"},{"reference_url":"https://github.com/wallabag/wallabag/commit/6fa61c0f9c48d37625c92a8913b487230761fb47","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/6fa61c0f9c48d37625c92a8913b487230761fb47"},{"reference_url":"https://github.com/wallabag/wallabag/commit/99c8a06594d6ee7480ce4d041ccff3025b353656","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/99c8a06594d6ee7480ce4d041ccff3025b353656"},{"reference_url":"https://github.com/wallabag/wallabag/commit/ac5b5fb379233d6e96ea14ae21b7f88761d5fa3f","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/ac5b5fb379233d6e96ea14ae21b7f88761d5fa3f"},{"reference_url":"https://github.com/wallabag/wallabag/commit/cf49be694089667bbab9f10d52862fbdba9a89de","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/cf49be694089667bbab9f10d52862fbdba9a89de"},{"reference_url":"https://github.com/wallabag/wallabag/commit/d1e128900acc0cb8c88eb7a085c9ef5420cf0c43","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/d1e128900acc0cb8c88eb7a085c9ef5420cf0c43"},{"reference_url":"https://github.com/wallabag/wallabag/commit/d703fa6a3a75f7c3b433e8caf618bfb0a9a0ba63","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/d703fa6a3a75f7c3b433e8caf618bfb0a9a0ba63"},{"reference_url":"https://github.com/wallabag/wallabag/commit/ddf2e808422e41ea55cebf2aa12eb1823c5c340a","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/ddf2e808422e41ea55cebf2aa12eb1823c5c340a"},{"reference_url":"https://github.com/wallabag/wallabag/commit/e162408139ac9bb12e69f4d49de45ade49369c21","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/e162408139ac9bb12e69f4d49de45ade49369c21"},{"reference_url":"https://github.com/wallabag/wallabag/commit/eb8408b22fbaa6b3d78047d6203b23b7f52bbf03","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/eb8408b22fbaa6b3d78047d6203b23b7f52bbf03"},{"reference_url":"https://github.com/wallabag/wallabag/commit/ed1acf59e166a2a6bb81c52baaeabd6196feae98","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/ed1acf59e166a2a6bb81c52baaeabd6196feae98"},{"reference_url":"https://github.com/wallabag/wallabag/commit/edffef837598355c9bec433c469f1e04c35b27cb","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/commit/edffef837598355c9bec433c469f1e04c35b27cb"},{"reference_url":"https://github.com/wallabag/wallabag/security/advisories/GHSA-5pm7-cp8f-p2c2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/security/advisories/GHSA-5pm7-cp8f-p2c2"},{"reference_url":"https://github.com/advisories/GHSA-5pm7-cp8f-p2c2","reference_id":"GHSA-5pm7-cp8f-p2c2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5pm7-cp8f-p2c2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376445?format=json","purl":"pkg:composer/wallabag/wallabag@2.6.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.6.11"}],"aliases":["GHSA-5pm7-cp8f-p2c2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzng-319m-8feu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148072?format=json","vulnerability_id":"VCID-qjcv-xawp-s3b3","summary":"Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0610","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37114","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37293","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0610"},{"reference_url":"https://github.com/wallabag/wallabag","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag"},{"reference_url":"https://github.com/wallabag/wallabag/security/advisories/GHSA-mrqx-mjc4-vfh3","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/security/advisories/GHSA-mrqx-mjc4-vfh3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0610","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0610"},{"reference_url":"https://github.com/wallabag/wallabag/commit/5ac6b6bff9e2e3a87fd88c2904ff3c6aac40722e","reference_id":"5ac6b6bff9e2e3a87fd88c2904ff3c6aac40722e","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T20:07:00Z/"}],"url":"https://github.com/wallabag/wallabag/commit/5ac6b6bff9e2e3a87fd88c2904ff3c6aac40722e"},{"reference_url":"https://huntr.dev/bounties/8fdd9b31-d89b-4bbe-9557-20b960faf926","reference_id":"8fdd9b31-d89b-4bbe-9557-20b960faf926","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-26T20:07:00Z/"}],"url":"https://huntr.dev/bounties/8fdd9b31-d89b-4bbe-9557-20b960faf926"},{"reference_url":"https://github.com/advisories/GHSA-mrqx-mjc4-vfh3","reference_id":"GHSA-mrqx-mjc4-vfh3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mrqx-mjc4-vfh3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380354?format=json","purl":"pkg:composer/wallabag/wallabag@2.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2g1k-7bhh-w3gd"},{"vulnerability":"VCID-2y3q-gces-gbdx"},{"vulnerability":"VCID-65q9-n4jm-k3cw"},{"vulnerability":"VCID-epmp-j39p-puen"},{"vulnerability":"VCID-jzng-319m-8feu"},{"vulnerability":"VCID-tzbv-2x21-dybb"},{"vulnerability":"VCID-w4ye-ytxq-4qaw"},{"vulnerability":"VCID-yytf-h8rc-zuaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.5.3"}],"aliases":["CVE-2023-0610","GHSA-mrqx-mjc4-vfh3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qjcv-xawp-s3b3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148497?format=json","vulnerability_id":"VCID-tzbv-2x21-dybb","summary":"wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0737","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23459","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23655","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0737"},{"reference_url":"https://github.com/wallabag/wallabag","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0737","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0737"},{"reference_url":"https://github.com/wallabag/wallabag/commit/268372dbbdd7ef87b84617fdebf95d0a86caf7dc","reference_id":"268372dbbdd7ef87b84617fdebf95d0a86caf7dc","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T22:30:02Z/"}],"url":"https://github.com/wallabag/wallabag/commit/268372dbbdd7ef87b84617fdebf95d0a86caf7dc"},{"reference_url":"https://huntr.com/bounties/4ba20fe7-4061-4dfb-ab2f-ecaf110641a5","reference_id":"4ba20fe7-4061-4dfb-ab2f-ecaf110641a5","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T22:30:02Z/"}],"url":"https://huntr.com/bounties/4ba20fe7-4061-4dfb-ab2f-ecaf110641a5"},{"reference_url":"https://github.com/advisories/GHSA-99w8-c5f6-96pp","reference_id":"GHSA-99w8-c5f6-96pp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-99w8-c5f6-96pp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372844?format=json","purl":"pkg:composer/wallabag/wallabag@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2g1k-7bhh-w3gd"},{"vulnerability":"VCID-2y3q-gces-gbdx"},{"vulnerability":"VCID-jzng-319m-8feu"},{"vulnerability":"VCID-mwh5-ud4b-83fk"},{"vulnerability":"VCID-w4ye-ytxq-4qaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.5.4"}],"aliases":["CVE-2023-0737","GHSA-99w8-c5f6-96pp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tzbv-2x21-dybb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140016?format=json","vulnerability_id":"VCID-w4ye-ytxq-4qaw","summary":"Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4454","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34313","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34491","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4454"},{"reference_url":"https://github.com/wallabag/wallabag","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag"},{"reference_url":"https://github.com/wallabag/wallabag/security/advisories/GHSA-p8gp-899c-jvq9","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag/security/advisories/GHSA-p8gp-899c-jvq9"},{"reference_url":"https://huntr.dev/bounties/4ee0ef74-e4d4-46e7-a05c-076bce522299/","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.dev/bounties/4ee0ef74-e4d4-46e7-a05c-076bce522299/"},{"reference_url":"https://huntr.dev/bounties/4ee0ef74-e4d4-46e7-a05c-076bce522299","reference_id":"4ee0ef74-e4d4-46e7-a05c-076bce522299","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:04:16Z/"}],"url":"https://huntr.dev/bounties/4ee0ef74-e4d4-46e7-a05c-076bce522299"},{"reference_url":"https://github.com/wallabag/wallabag/commit/78b0b55c40511e1f22d5bbb4897aa10fca68441c","reference_id":"78b0b55c40511e1f22d5bbb4897aa10fca68441c","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:04:16Z/"}],"url":"https://github.com/wallabag/wallabag/commit/78b0b55c40511e1f22d5bbb4897aa10fca68441c"},{"reference_url":"https://github.com/advisories/GHSA-p8gp-899c-jvq9","reference_id":"GHSA-p8gp-899c-jvq9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p8gp-899c-jvq9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380605?format=json","purl":"pkg:composer/wallabag/wallabag@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2y3q-gces-gbdx"},{"vulnerability":"VCID-jzng-319m-8feu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.6.3"}],"aliases":["CVE-2023-4454","GHSA-p8gp-899c-jvq9","GMS-2023-1941"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4ye-ytxq-4qaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148291?format=json","vulnerability_id":"VCID-yytf-h8rc-zuaf","summary":"Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0735","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35799","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3598","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0735"},{"reference_url":"https://github.com/wallabag/wallabag","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wallabag/wallabag"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0735","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0735"},{"reference_url":"https://github.com/wallabag/wallabag/commit/268372dbbdd7ef87b84617fdebf95d0a86caf7dc","reference_id":"268372dbbdd7ef87b84617fdebf95d0a86caf7dc","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:33:59Z/"}],"url":"https://github.com/wallabag/wallabag/commit/268372dbbdd7ef87b84617fdebf95d0a86caf7dc"},{"reference_url":"https://huntr.dev/bounties/8bc78cb1-b10b-4152-842e-ceb999fc5508","reference_id":"8bc78cb1-b10b-4152-842e-ceb999fc5508","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:33:59Z/"}],"url":"https://huntr.dev/bounties/8bc78cb1-b10b-4152-842e-ceb999fc5508"},{"reference_url":"https://github.com/advisories/GHSA-2qxp-xmx6-cq4f","reference_id":"GHSA-2qxp-xmx6-cq4f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qxp-xmx6-cq4f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372844?format=json","purl":"pkg:composer/wallabag/wallabag@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2g1k-7bhh-w3gd"},{"vulnerability":"VCID-2y3q-gces-gbdx"},{"vulnerability":"VCID-jzng-319m-8feu"},{"vulnerability":"VCID-mwh5-ud4b-83fk"},{"vulnerability":"VCID-w4ye-ytxq-4qaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.5.4"}],"aliases":["CVE-2023-0735","GHSA-2qxp-xmx6-cq4f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yytf-h8rc-zuaf"}],"fixing_vulnerabilities":[],"risk_score":"3.3","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wallabag/wallabag@2.3.7"}