Lucene search

GitHub_MCVELIST:CVE-2023-47623

HistoryDec 13, 2023 - 9:38 p.m.

CVE-2023-47623 Scrypted reflected Cross-site Scripting vulnerability

2023-12-1321:38:14

CWE-79

GitHub_M

www.cve.org

scrypted

reflected xss

vulnerability

versions 0.55.0

javascript

cross-site scripting

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the redirect_uri parameter. By specifying a url with the javascript scheme (javascript:), an attacker can run arbitrary JavaScript code after the login.

CNA Affected

[
  {
    "vendor": "koush",
    "product": "scrypted",
    "versions": [
      {
        "version": "<= 0.55.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/koush/scrypted/blob/v0.55.0/plugins/core/ui/src/Login.vue#L79

securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVELIST:CVE-2023-47623