10 matches found
CVE-2025-62172
Home Assistant is open source home automation software that puts local control and privacy first. In versions 2025.1.0 through 2025.10.1, the energy dashboard is vulnerable to stored cross-site scripting. An authenticated user can inject malicious JavaScript code into an energy entity's name fiel...
EUVD-2025-34249
Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name...
Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name
Summary An authenticated party can add a malicious name to the Energy entity, allowing for Cross-Site Scripting attacks against anyone who can see the Energy dashboard, when they hover over any information point The blue bar in the picture below An alternative, and more impactful scenario, is tha...
CVE-2025-62172
Home Assistant is open source home automation software that puts local control and privacy first. In versions 2025.1.0 through 2025.10.1, the energy dashboard is vulnerable to stored cross-site scripting. An authenticated user can inject malicious JavaScript code into an energy entity's name fiel...
CVE-2025-62172
Summary of vulnerability (CVE-2025-62172) : Home Assistant Energy dashboard in versions 2025.1.0–2025.10.1 is vulnerable to stored XSS via HTML in energy entity names. An authenticated user can inject JavaScript that executes in other users’ sessions when hovering graph tooltips, because entity n...
CVE-2025-62172 Home Assistant vulnerable to Stored XSS in Energy dashboard from Energy Entity Name
Home Assistant is open source home automation software that puts local control and privacy first. In versions 2025.1.0 through 2025.10.1, the energy dashboard is vulnerable to stored cross-site scripting. An authenticated user can inject malicious JavaScript code into an energy entity's name fiel...
CVE-2025-62172 Home Assistant vulnerable to Stored XSS in Energy dashboard from Energy Entity Name
Home Assistant is open source home automation software that puts local control and privacy first. In versions 2025.1.0 through 2025.10.1, the energy dashboard is vulnerable to stored cross-site scripting. An authenticated user can inject malicious JavaScript code into an energy entity's name fiel...
CVE-2025-62172 Home Assistant vulnerable to Stored XSS in Energy dashboard from Energy Entity Name
Home Assistant is open source home automation software that puts local control and privacy first. In versions 2025.1.0 through 2025.10.1, the energy dashboard is vulnerable to stored cross-site scripting. An authenticated user can inject malicious JavaScript code into an energy entity's name fiel...
PT-2025-41968
Name of the Vulnerable Software and Affected Versions Home Assistant versions 2025.1.0 through 2025.10.1 Description Home Assistant is home automation software that prioritizes local control and privacy. The energy dashboard is susceptible to stored cross-site scripting. An authenticated user can...
Home Assistant 安全漏洞
Home Assistant is an open source home automation management system from Home Assistant Open Source. The system is primarily used to control home automation devices. A security vulnerability exists in Home Assistant versions 2025.1.0 through 2025.10.1, which stems from entity names not being...