Vulnerability Details CVE-2023-47620
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner' and 'pkg` parameters. An attacker can run arbitrary JavaScript code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.6%
CVSS Severity
CVSS v3 Score 6.1
References
- https://github.com/koush/scrypted/blob/71cbe83a2a20f743342df695ca7b98482b73e60f/server/src/plugin/plugin-http.ts#L45
- https://securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/
- https://github.com/koush/scrypted/blob/71cbe83a2a20f743342df695ca7b98482b73e60f/server/src/plugin/plugin-http.ts#L45
- https://securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/
Products affected by CVE-2023-47620
-
cpe:2.3:a:clockworkmod:scrypted:0.21.0
-
cpe:2.3:a:clockworkmod:scrypted:0.23.0
-
cpe:2.3:a:clockworkmod:scrypted:0.39.0
-
cpe:2.3:a:clockworkmod:scrypted:0.41.0
-
cpe:2.3:a:clockworkmod:scrypted:0.50.0
-
cpe:2.3:a:clockworkmod:scrypted:0.51.0
-
cpe:2.3:a:clockworkmod:scrypted:0.55.0
-
cpe:2.3:a:clockworkmod:scrypted:0.6.20
-
cpe:2.3:a:clockworkmod:scrypted:0.6.22
-
cpe:2.3:a:clockworkmod:scrypted:0.6.23
-
cpe:2.3:a:clockworkmod:scrypted:0.6.24
-
cpe:2.3:a:clockworkmod:scrypted:0.6.26
-
cpe:2.3:a:clockworkmod:scrypted:0.7.10
-
cpe:2.3:a:clockworkmod:scrypted:0.7.11
-
cpe:2.3:a:clockworkmod:scrypted:0.7.12
-
cpe:2.3:a:clockworkmod:scrypted:0.7.13
-
cpe:2.3:a:clockworkmod:scrypted:0.7.15
-
cpe:2.3:a:clockworkmod:scrypted:0.7.16
-
cpe:2.3:a:clockworkmod:scrypted:0.7.27
-
cpe:2.3:a:clockworkmod:scrypted:0.7.28
-
cpe:2.3:a:clockworkmod:scrypted:0.7.32
-
cpe:2.3:a:clockworkmod:scrypted:0.7.35
-
cpe:2.3:a:clockworkmod:scrypted:0.7.36
-
cpe:2.3:a:clockworkmod:scrypted:0.7.37
-
cpe:2.3:a:clockworkmod:scrypted:0.7.4
-
cpe:2.3:a:clockworkmod:scrypted:0.7.40
-
cpe:2.3:a:clockworkmod:scrypted:0.7.41
-
cpe:2.3:a:clockworkmod:scrypted:0.7.42
-
cpe:2.3:a:clockworkmod:scrypted:0.7.44
-
cpe:2.3:a:clockworkmod:scrypted:0.7.45
-
cpe:2.3:a:clockworkmod:scrypted:0.7.46
-
cpe:2.3:a:clockworkmod:scrypted:0.7.5
-
cpe:2.3:a:clockworkmod:scrypted:0.7.51
-
cpe:2.3:a:clockworkmod:scrypted:0.7.52
-
cpe:2.3:a:clockworkmod:scrypted:0.7.53
-
cpe:2.3:a:clockworkmod:scrypted:0.7.6
-
cpe:2.3:a:clockworkmod:scrypted:0.7.7
-
cpe:2.3:a:clockworkmod:scrypted:0.7.77
-
cpe:2.3:a:clockworkmod:scrypted:0.7.8
-
cpe:2.3:a:clockworkmod:scrypted:0.7.80
-
cpe:2.3:a:clockworkmod:scrypted:0.7.81
-
cpe:2.3:a:clockworkmod:scrypted:0.7.84
-
cpe:2.3:a:clockworkmod:scrypted:0.7.85
-
cpe:2.3:a:clockworkmod:scrypted:0.7.9
-
cpe:2.3:a:clockworkmod:scrypted:0.7.90
-
cpe:2.3:a:clockworkmod:scrypted:0.7.92
-
cpe:2.3:a:clockworkmod:scrypted:0.7.94
-
cpe:2.3:a:clockworkmod:scrypted:0.7.95
-
cpe:2.3:a:clockworkmod:scrypted:0.7.97