5 matches found
Scrypted Cross-site Scripting vulnerability
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the owner' and 'pkg parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patch...
CVE-2023-47620
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the owner' and 'pkg parameters. An attacker can run arbitrary JavaScript code...
Cross site scripting
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the redirecturi parameter. By specifying a url with the javascript scheme javascript:, an attacker can run arbitrary JavaScript...
CVE-2023-47620
CVE-2023-47620 affects Scrypted up to v0.55.0, where a reflected Cross-Site Scripting (XSS) vulnerability exists in the plugin-http.ts endpoint using the owner and pkg parameters. The vulnerability allows an attacker to inject arbitrary JavaScript by reflecting user-controlled input back in the r...
CVE-2023-47623
CVE-2023-47623 corresponds to a reflected cross-site scripting (XSS) vulnerability in the Scrypted platform. The issue affects versions 0.55.0 and prior, occurring in the login flow via the redirect_uri parameter (and related login page handling). An attacker can supply a javascript: URL to execu...