exploitDog

GHSA-ww7p-8gfg-v82r

Published: 05 Aug 2024
Source: github
GitHub: Reviewed
CVSS4: 5.3
CVSS3: 6.1

Description

Scrypted Cross-site Scripting vulnerability

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior (corresponding to @scrypted/core 0.1.142 and prior), a reflected cross-site scripting vulnerability exists in the login page via the redirect_uri parameter. By specifying a URL with the javascript scheme (javascript:), an attacker can run arbitrary JavaScript code after the login. As of the time of publication, no known patches are available.
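One way to validate a post-login redirect_uri so that a javascript: URL never reaches navigation, as an added example that is not Scrypted's code and not part of the advisory. The function name, the origin `https://scrypted.example` and the sample inputs are constructed for illustration.

```javascript
// Added example. safeRedirectTarget, APP_ORIGIN and the sample inputs are
// constructed for illustration; this is not Scrypted's code.
const APP_ORIGIN = 'https://scrypted.example';

// Resolve redirect_uri to a same-origin relative path, or return the fallback.
function safeRedirectTarget(redirectUri, origin = APP_ORIGIN, fallback = '/') {
  if (typeof redirectUri !== 'string' || redirectUri === '') return fallback;
  let url;
  try {
    // Parse with the WHATWG URL parser, the same algorithm browsers use, so
    // scheme case, stripped tabs/newlines and "\" vs "/" are normalised
    // before any decision is made.
    url = new URL(redirectUri, origin);
  } catch {
    return fallback;
  }
  // Allowlist, not denylist: only http(s) on our own origin survives.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return fallback;
  if (url.origin !== origin) return fallback;
  // Return a relative reference so the caller never navigates to an absolute URL.
  const target = url.pathname + url.search + url.hash;
  // A path starting with "//" would be read as protocol-relative on navigation.
  return target.startsWith('//') ? fallback : target;
}

// Constructed sample values for redirect_uri.
const SAMPLES = [
  '/dashboard?tab=cameras#live',
  'https://scrypted.example/settings',
  'javascript:alert(1)',
  'JaVaScRiPt:alert(1)',
  ' \tjavascript:alert(1)',
  'data:text/html,hello',
  '//other.example/login',
  '/\\other.example/login',
  'https://scrypted.example@other.example/',
  'https://scrypted.example//other.example/login',
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', safeRedirectTarget(s));
}
```

Only the first two samples keep their path; every other input resolves to the fallback `/`.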

Packages

Name: @scrypted/core (npm)
Affected versions: <= 0.1.142
Fixed version: None

EPSS

Percentile: 27%
0.00098
Low

CVSS4: 5.3 Medium
CVSS3: 6.1 Medium

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 6.1
nvd
about 2 years ago

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a URL with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login.
