GHSA-wv8x-3w6r-6h7v

Опубликовано: 05 авг. 2024

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

gotortc Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (links.html) appends the src GET parameter ([0]) in all of its links for 1-click previews. The context in which src is being appended is innerHTML ([1]), which will insert the text as HTML. Commit 3b3d5b033aac3a019af64f83dec84f70ed2c8aba contains a patch for the issue.

Ссылки

Пакеты

Наименование

github.com/AlexxIT/go2rtc

Затронутые версииВерсия исправления

< 1.9.0

1.9.0

EPSS

Процентиль: 34%

0.00139

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2024-29191

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-29191

CVSS3: 6.1

nvd

почти 2 года назад

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (`links.html`) appends the `src` GET parameter (`[0]`) in all of its links for 1-click previews. The context in which `src` is being appended is `innerHTML` (`[1]`), which will insert the text as HTML. Commit 3b3d5b033aac3a019af64f83dec84f70ed2c8aba contains a patch for the issue.

EPSS

Процентиль: 34%

0.00139

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2024-29191

Дефекты

CWE-79