GHSA-xmhh-xrcc-mx36

Опубликовано: 05 авг. 2024

Источник: github

Github: Прошло ревью

CVSS4: 5.3

CVSS3: 6.1

Описание

Scrypted Cross-site Scripting vulnerability

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the owner' and 'pkg parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patches are available.

Ссылки

Пакеты

Наименование

@scrypted/server

npm

Затронутые версииВерсия исправления

<= 0.55.0

Отсутствует

EPSS

Процентиль: 44%

0.00219

Низкий

5.3 Medium

CVSS4

6.1 Medium

CVSS3

CVE ID

CVE-2023-47620

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-47620

CVSS3: 6.1

nvd

около 2 лет назад

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner' and 'pkg` parameters. An attacker can run arbitrary JavaScript code.

EPSS

Процентиль: 44%

0.00219

Низкий

5.3 Medium

CVSS4

6.1 Medium

CVSS3

CVE ID

CVE-2023-47620

Дефекты

CWE-79