Yooooomi Your_spotify
5 CVEs affecting Yooooomi Your_spotify. Latest disclosed: 2024-03-13. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-28194 | Critical | 9.1 | 2024-03-13 | your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authen… |
| CVE-2024-28195 | High | 8.1 | 2024-03-13 | your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.9.0 do not protect the API and login flow against Cross-Site R… |
| CVE-2024-28193 | Medium | 6.5 | 2024-03-13 | your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 allows users to create a public token in the settings, which… |
| CVE-2024-28196 | Medium | 6.5 | 2024-03-13 | your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version < 1.9.0 does not prevent other pages from displaying it in an ifram… |
| CVE-2024-28192 | Medium | 5.3 | 2024-03-13 | your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 is vulnerable to NoSQL injection in the public access token… |