22 matches found
EUVD-2024-2687
Malicious code in bioql PyPI...
EUVD-2024-2681
Malicious code in bioql PyPI...
CVE-2023-47623
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the redirecturi parameter. By specifying a url with the javascript scheme javascript:, an attacker can run arbitrary JavaScript...
CVE-2023-47620
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the owner' and 'pkg parameters. An attacker can run arbitrary JavaScript code...
Reflected Cross-Site Scripting (Reflected XSS)
Scrypted is vulnerable to Reflected Cross-Site Scripting Reflected XSS. The vulnerability is due to lack of input sanitization in the 'owner' and 'pkg' parameters in the plugin-http.ts file, allowing an attacker to run arbitrary JavaScript code...
GHSA-WW7P-8GFG-V82R Scrypted Cross-site Scripting vulnerability
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior corresponding to @scrypted/core 0.1.142 and prior, a reflected cross-site scripting vulnerability exists in the login page via the redirecturi parameter. By specifying a url with the javascript scheme...
Scrypted Cross-site Scripting vulnerability
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior corresponding to @scrypted/core 0.1.142 and prior, a reflected cross-site scripting vulnerability exists in the login page via the redirecturi parameter. By specifying a url with the javascript scheme...
Scrypted Cross-site Scripting vulnerability
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the owner' and 'pkg parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patch...
GHSA-XMHH-XRCC-MX36 Scrypted Cross-site Scripting vulnerability
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the owner' and 'pkg parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patch...
GHSA-W4HV-VMV9-HGCR GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219`
GitHub Security Lab GHSL Vulnerability Report, scrypted: GHSL-2023-218, GHSL-2023-219 The GitHub Security Lab team has identified potential security vulnerabilities in scrypted. We are committed to working with you to help resolve these issues. In this report you will find everything you need to...
GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219`
GitHub Security Lab GHSL Vulnerability Report, scrypted: GHSL-2023-218, GHSL-2023-219 The GitHub Security Lab team has identified potential security vulnerabilities in scrypted. We are committed to working with you to help resolve these issues. In this report you will find everything you need to...
CVE-2023-47620
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the owner' and 'pkg parameters. An attacker can run arbitrary JavaScript code...
CVE-2023-47623
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the redirecturi parameter. By specifying a url with the javascript scheme javascript:, an attacker can run arbitrary JavaScript...
Cross site scripting
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the redirecturi parameter. By specifying a url with the javascript scheme javascript:, an attacker can run arbitrary JavaScript...
CVE-2023-47620 Scrypted reflected Cross-site Scripting vulnerability
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the owner' and 'pkg parameters. An attacker can run arbitrary JavaScript code...
CVE-2023-47620 Scrypted reflected Cross-site Scripting vulnerability
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the owner' and 'pkg parameters. An attacker can run arbitrary JavaScript code...
CVE-2023-47620
CVE-2023-47620 affects Scrypted up to v0.55.0, where a reflected Cross-Site Scripting (XSS) vulnerability exists in the plugin-http.ts endpoint using the owner and pkg parameters. The vulnerability allows an attacker to inject arbitrary JavaScript by reflecting user-controlled input back in the r...
CVE-2023-47623 Scrypted reflected Cross-site Scripting vulnerability
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the redirecturi parameter. By specifying a url with the javascript scheme javascript:, an attacker can run arbitrary JavaScript...
CVE-2023-47623
CVE-2023-47623 corresponds to a reflected cross-site scripting (XSS) vulnerability in the Scrypted platform. The issue affects versions 0.55.0 and prior, occurring in the login flow via the redirect_uri parameter (and related login page handling). An attacker can supply a javascript: URL to execu...
CVE-2023-47623 Scrypted reflected Cross-site Scripting vulnerability
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the redirecturi parameter. By specifying a url with the javascript scheme javascript:, an attacker can run arbitrary JavaScript...