Tautulli: Security Vulnerabilities
In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).
CVSS Score
6.5
EPSS Score
0.618
Published
2019-12-18
data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-02-19