5 matches found
GHSA-7WFQ-WMX2-3WR4 Withdrawn Advisory: Home Assistant Frontend XSS Vulnerability
Withdrawn Advisory This advisory has been withdrawn because we cannot confirm home-assistant-frontend is or was ever published to npm. Original Description In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...
CVE-2020-8548
massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...
CVE-2020-8548
massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...
CVE-2017-16782
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...
Cross site scripting
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...