Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2024/08/05 9:29 p.m.9 views

Scrypted Cross-site Scripting vulnerability

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the owner' and 'pkg parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patch...

6.1CVSS6.1AI score0.00475EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2023/12/13 10:15 p.m.23 views

CVE-2023-47620

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the owner' and 'pkg parameters. An attacker can run arbitrary JavaScript code...

6.1CVSS0.00475EPSS
Exploits1References2
Prion
Prion
added 2023/12/13 10:15 p.m.19 views

Cross site scripting

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the redirecturi parameter. By specifying a url with the javascript scheme javascript:, an attacker can run arbitrary JavaScript...

5.8CVSS6AI score0.00424EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/12/13 9:49 p.m.41 views

CVE-2023-47620

CVE-2023-47620 affects Scrypted up to v0.55.0, where a reflected Cross-Site Scripting (XSS) vulnerability exists in the plugin-http.ts endpoint using the owner and pkg parameters. The vulnerability allows an attacker to inject arbitrary JavaScript by reflecting user-controlled input back in the r...

6.1CVSS6AI score0.00475EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/12/13 9:38 p.m.50 views

CVE-2023-47623

CVE-2023-47623 corresponds to a reflected cross-site scripting (XSS) vulnerability in the Scrypted platform. The issue affects versions 0.55.0 and prior, occurring in the login flow via the redirect_uri parameter (and related login page handling). An attacker can supply a javascript: URL to execu...

6.1CVSS6AI score0.00424EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder