Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-ww7p-8gfg-v82r: Scrypted Cross-site Scripting vulnerability

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior (corresponding to @scrypted/core 0.1.142 and prior), a reflected cross-site scripting vulnerability exists in the login page via the redirect_uri parameter. By specifying a url with the javascript scheme (javascript:), an attacker can run arbitrary JavaScript code after the login. As of time of publication, no known patches are available.

ghsa
Open in Source
#xss#vulnerability#git#java

Scrypted Cross-site Scripting vulnerability

Moderate severity GitHub Reviewed Published Aug 5, 2024 to the GitHub Advisory Database • Updated Aug 5, 2024

Related news

CVE-2023-47623: GHSL-2023-218_GHSL-2023-219: Cross-Site Scripting (XSS) in scrypted

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login. As of time of publication, no known patches are available.

ghsa: Latest News

GHSA-pxg6-pf52-xh8x: cookie accepts cookie name, path, and domain with out of bounds characters
ghsa