2 matches found
CVE-2024-27287
creationtimestamp| type| source ---|---|--- 2024-03-06 20:26:47+00:00| seen| https://t.me/ctinow/201758 2024-03-06 20:36:17+00:00| seen| https://t.me/ctinow/201779 2024-04-13 01:34:54+00:00| seen| https://t.me/arpsyndicate/4624...
CVE-2024-27287
ESPHome’s CVE-2024-27287 affects the dashboard’s edit API in ESPHome 2023.12.9 up to 2024.2.1 (prior to 2024.2.2). A remote, authenticated user can inject arbitrary JavaScript via the /edit endpoint by posting to /edit?configuration=[file], storing unsanitized data in a page served with Content-T...