Vulnerability CVE-2023-1384


Published: 2023-05-03

Description:
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run

This issue affects:

Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.
Insignia TV with FireOS versions prior to 7.6.3.3.

Type:

CWE-80

(Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS))

 References:
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-stick-insignia-fire-os-tv-series/

Copyright 2026, cxsecurity.com

 

Back to Top