Fluid Attacks Database

Description

Miniflux Media Proxy vulnerable to Stored Cross-site Scripting due to improper Content-Security-Policy configuration in miniflux.app Miniflux Media Proxy vulnerable to Stored Cross-site Scripting due to improper Content-Security-Policy configuration in miniflux.app

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	miniflux.app	-	-
go	miniflux.app/v2	>=0 <2.2.7	2.2.7

Aliases

1. CVE-2025-314832. NVD-2025-314833. OSV-GO-2025-35914. OSV-2025-314835. GHSA-cq88-842x-2jhp6. GCVE-2025-314837. GHSA-cq88-842x-2jhp

References

1. https://github.com/miniflux/v2/commit/cb695e653a08af4cabcb277c271ce74bd0c746e62. https://github.com/miniflux/v2/security/advisories/GHSA-cq88-842x-2jhp

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.