CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-1384

The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 36.8%

CVSS Severity

CVSS v3 Score 4.3

References

Products affected by CVE-2023-1384

Amazon » Fire Tv Stick 3rd Gen » Version: N/A

cpe:2.3:h:amazon:fire_tv_stick_3rd_gen:-
Bestbuy » Insignia Tv » Version: N/A

cpe:2.3:h:bestbuy:insignia_tv:-
Amazon » Fire Os » Version: 1

cpe:2.3:o:amazon:fire_os:1
Amazon » Fire Os » Version: 2

cpe:2.3:o:amazon:fire_os:2
Amazon » Fire Os » Version: 3

cpe:2.3:o:amazon:fire_os:3
Amazon » Fire Os » Version: 4

cpe:2.3:o:amazon:fire_os:4
Amazon » Fire Os » Version: 5

cpe:2.3:o:amazon:fire_os:5
Amazon » Fire Os » Version: 5.3.6.3

cpe:2.3:o:amazon:fire_os:5.3.6.3
Amazon » Fire Os » Version: 5.3.6.4

cpe:2.3:o:amazon:fire_os:5.3.6.4
Amazon » Fire Os » Version: 6

cpe:2.3:o:amazon:fire_os:6
Amazon » Fire Os » Version: 6.2.9.5

cpe:2.3:o:amazon:fire_os:6.2.9.5
Amazon » Fire Os » Version: 7

cpe:2.3:o:amazon:fire_os:7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-1384

Products

Pricing

Contact Us