Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete custom emojis, which are saved on disk. The...
2.7CVSS
6.7AI Score
0.0004EPSS
Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can be used to leak the admin password. Commit...
8.2CVSS
6.4AI Score
0.001EPSS
An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth...
9.8CVSS
9.5AI Score
0.002EPSS
6.5CVSS
6.8AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.002EPSS
Owncast is an open source, self-hosted live video streaming and chat server. In affected versions inline scripts are executed when Javascript is parsed via a paste action. This issue is patched in 0.0.9 by blocking unsafe-inline Content Security Policy and specifying the script-src. The worker-src....
8.2CVSS
6AI Score
0.001EPSS