Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Deluge
(Deluge\-Torrent)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 3 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-08-26 | CVE-2021-3427 | The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session. | Deluge | 6.1 | ||
2017-03-18 | CVE-2017-7178 | CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin. | Debian_linux, Deluge | N/A | ||
2017-05-17 | CVE-2017-9031 | The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file. | Deluge | 9.8 |