XSS in Miniflux V2
CVE-2025-31483
Miniflux is a feed reader. Due to a weak Content Security Policy on the /proxy/* route, an attacker can bypass the CSP of the media proxy and execute cross-site scripting when opening external images in a new tab/window. To mitigate the vu…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.004 (27.6th percentile) — read the EPSS interpretation.
Affected products
- Miniflux V2 — versions < 2.2.7
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)