Deluge-Torrent: >> Deluge >> 1.3.7 Security Vulnerabilities
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-08-26
The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-05-17
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.
CVSS Score
8.8
EPSS Score
0.012
Published
2017-03-18