5 matches found
GHSA-7WFQ-WMX2-3WR4 Withdrawn Advisory: Home Assistant Frontend XSS Vulnerability
Withdrawn Advisory This advisory has been withdrawn because we cannot confirm home-assistant-frontend is or was ever published to npm. Original Description In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...
CVE-2020-8548
massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...
CVE-2020-8548
massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...
Cross site scripting
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...
CVE-2017-16782
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...