Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login.
References
Link | Resource |
---|---|
https://github.com/koush/scrypted/blob/v0.55.0/plugins/core/ui/src/Login.vue#L79 | Product |
https://securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-12-13T21:38:14.451Z
Updated: 2024-02-13T00:00:53.415Z
Reserved: 2023-11-07T16:57:49.243Z
Link: CVE-2023-47623
JSON object: View
NVD Information
Status : Modified
Published: 2023-12-13T22:15:43.417
Modified: 2024-02-13T01:15:08.143
Link: CVE-2023-47623
JSON object: View
Redhat Information
No data.
CWE