| |
Vulnerability CVE-2023-47623
Published: 2023-12-13 Modified: 2023-12-14
| Description: |
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login. As of time of publication, no known patches are available. |
Type:
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References: |
https://securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/
https://github.com/koush/scrypted/blob/v0.55.0/plugins/core/ui/src/Login.vue#L79
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
