Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner' and 'pkg` parameters. An attacker can run arbitrary JavaScript code.
References
Link | Resource |
---|---|
https://github.com/koush/scrypted/blob/71cbe83a2a20f743342df695ca7b98482b73e60f/server/src/plugin/plugin-http.ts#L45 | Product |
https://securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-12-13T21:49:41.624Z
Updated: 2024-02-13T00:01:01.140Z
Reserved: 2023-11-07T16:57:49.243Z
Link: CVE-2023-47620
JSON object: View
NVD Information
Status : Modified
Published: 2023-12-13T22:15:43.197
Modified: 2024-02-13T01:15:07.983
Link: CVE-2023-47620
JSON object: View
Redhat Information
No data.
CWE