12 matches found

RedhatCVE
added 2026/03/28 11:9 p.m., 2 views

CVE-2026-33044

Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02 and prior to version 2026.01, an authenticated party can add a malicious name to their device entity, allowing for Cross-Site Scripting attacks against anyone who can see ...

CVSS 8.8 | AI score 5.9 | EPSS 0.00021
Exploits: 1 | References: 1

Veracode
added 2026/03/28 5:28 a.m., 3 views

Cross-Site Scripting

Home Assistant is vulnerable to Cross-Site Scripting. The vulnerability is due to an authenticated party adding a malicious name to their device entity, where the malicious name allows for Cross-Site Scripting attacks against anyone who can see a dashboard with a Map-card which includes that...

CVSS 8.8 | AI score 5.2 | EPSS 0.00021
Exploits: 1 | References: 2 | Affected Software: 2

EUVD
added 2026/03/27 8:33 p.m., 2 views

EUVD-2026-16774

Home Assistant has stored XSS in Map-card through malicious device name...

CVSS 8.8 | AI score 5.9 | EPSS 0.00021
Exploits: 1 | References: 1

Snyk
added 2026/03/27 8:33 p.m., 1 view

Cross-site Scripting (XSS)

Overview: home-assistant-frontend is the Home Assistant frontend. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the rendering of device entity names within the map-card component when the hours_to_show attribute is set. An attacker can execute arbitrary JavaScript ...

CVSS 8.8 | AI score 5.9 | EPSS 0.00021
Exploits: 1 | References: 3

OSV
added 2026/03/27 8:33 p.m., 3 views

GHSA-R584-6283-P7XC Home Assistant has stored XSS in Map-card through malicious device name

Summary: An authenticated party can add a malicious name to their device entity, allowing for Cross-Site Scripting attacks against anyone who can see a dashboard with a Map-card which includes that entity. It requires that the victim hovers over an information point The lines or the dots...

CVSS 2 | AI score 5.9 | EPSS 0.00021
Exploits: 1 | References: 3

GitHub Security Blog
added 2026/03/27 8:33 p.m., 11 views

Home Assistant has stored XSS in Map-card through malicious device name

Summary: An authenticated party can add a malicious name to their device entity, allowing for Cross-Site Scripting attacks against anyone who can see a dashboard with a Map-card which includes that entity. It requires that the victim hovers over an information point The lines or the dots...

CVSS 8.8 | AI score 5.9 | EPSS 0.00021
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2026/03/27 8:16 p.m., 3 views

CVE-2026-33044

Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02 and prior to version 2026.01, an authenticated party can add a malicious name to their device entity, allowing for Cross-Site Scripting attacks against anyone who can see ...

CVSS 8.8 | EPSS 0.00021
Exploits: 1 | References: 1

Vulnrichment
added 2026/03/27 7:35 p.m., 0 views

CVE-2026-33044 Home Assistant has stored XSS in Map-card through malicious device name

Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02 and prior to version 2026.01, an authenticated party can add a malicious name to their device entity, allowing for Cross-Site Scripting attacks against anyone who can see ...

CVSS 8.8 | AI score 5.9 | EPSS 0.00021
Exploits: 1 | References: 1

CVE
added 2026/03/27 7:35 p.m., 3 views

CVE-2026-33044

CVE-2026-33044 affects Home Assistant. An authenticated party can set a malicious name on a device entity, enabling stored XSS in dashboards containing a Map-card when a user hovers an information point. Vulnerable since 2020.02 up to 2026.01; fixed in 2026.01. The issue impacts dashboards visibl...

CVSS 8.8 | AI score 5.9 | EPSS 0.00021
Exploits: 1 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/03/27 7:35 p.m., 1 view

CVE-2026-33044

Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02 and prior to version 2026.01, an authenticated party can add a malicious name to their device entity, allowing for Cross-Site Scripting attacks against anyone who can see ...

CVSS 8.8 | AI score 5.9 | EPSS 0.00021
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/03/27 7:35 p.m., 23 views

CVE-2026-33044 Home Assistant has stored XSS in Map-card through malicious device name

Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02 and prior to version 2026.01, an authenticated party can add a malicious name to their device entity, allowing for Cross-Site Scripting attacks against anyone who can see ...

CVSS 8.8 | EPSS 0.00021
Exploits: 1 | References: 1

Positive Technologies
added 2026/03/27 12:0 a.m., 2 views

PT-2026-28466

Name of the Vulnerable Software and Affected Versions: Home Assistant versions 2020.02 through 2026.01. Description: Home Assistant, an open-source home automation software, contains a flaw where an authenticated user can inject malicious code into a device entity name. This allows for Cross-Site...

CVSS 8.8 | AI score 5.9 | EPSS 0.00021
Exploits: 1 | References: 6