Lucene search

[email protected]NVD:CVE-2023-47623

HistoryDec 13, 2023 - 10:15 p.m.

CVE-2023-47623

2023-12-1322:15:43

CWE-79

[email protected]

web.nvd.nist.gov

scrypted

video integration

xss vulnerability

javascript code

cve-2023-47623

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.0%

JSON

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the redirect_uri parameter. By specifying a url with the javascript scheme (javascript:), an attacker can run arbitrary JavaScript code after the login.

Affected configurations

Nvd

Node

clockworkmodscryptedRange≤0.55.0

VendorProductVersionCPE
clockworkmodscrypted*cpe:2.3:a:clockworkmod:scrypted:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
clockworkmod	scrypted	*	cpe:2.3:a:clockworkmod:scrypted::::::::

References

github.com/koush/scrypted/blob/v0.55.0/plugins/core/ui/src/Login.vue#L79

securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.0%

JSON

Related for NVD:CVE-2023-47623

cvelist1 prion2 osv2 veracode1 github1 cve2 nvd1