wger

vulnerable: 1.1 ... 2.1 (14 versions)

Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2.

vulnerable: 1.1 ... 2.1 (14 versions)

Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingred…

vulnerable: 1.1 ... 2.1 (14 versions)

Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templ…

vulnerable: 1.1 ... 2.1 (14 versions)

wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_link property in AbstractLicenseModel constructs HTML by directly interpolating user-controlled license fields (such as license_author) wit…

vulnerable: 1.1 ... 2.1 (14 versions)

wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permission_required = 'config.change_gymconfig' but inherits WgerFormMixin instead of WgerPermissionMixin, so the permissi…

vulnerable: 1.1 ... 2.1 (14 versions)

wger is a free, open-source workout and fitness manager. Prior to 2.6, the reset_user_password and gym_permissions_user_edit views in wger perform a gym-scope authorization check using Python object comparison (!=) that evaluates None != N…