Lycheeorg: >> Lychee >> 3.1.6 Security Vulnerabilities
Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function.
CVSS Score
8.3
EPSS Score
0.011
Published
2024-03-22
Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-03-22