Vulnerability Details CVE-2023-47623
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.0%
CVSS Severity
CVSS v3 Score 6.1
References
- https://github.com/koush/scrypted/blob/v0.55.0/plugins/core/ui/src/Login.vue#L79
- https://securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/
- https://github.com/koush/scrypted/blob/v0.55.0/plugins/core/ui/src/Login.vue#L79
- https://securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/
Products affected by CVE-2023-47623
-
cpe:2.3:a:clockworkmod:scrypted:0.21.0
-
cpe:2.3:a:clockworkmod:scrypted:0.23.0
-
cpe:2.3:a:clockworkmod:scrypted:0.39.0
-
cpe:2.3:a:clockworkmod:scrypted:0.41.0
-
cpe:2.3:a:clockworkmod:scrypted:0.50.0
-
cpe:2.3:a:clockworkmod:scrypted:0.51.0
-
cpe:2.3:a:clockworkmod:scrypted:0.55.0
-
cpe:2.3:a:clockworkmod:scrypted:0.6.20
-
cpe:2.3:a:clockworkmod:scrypted:0.6.22
-
cpe:2.3:a:clockworkmod:scrypted:0.6.23
-
cpe:2.3:a:clockworkmod:scrypted:0.6.24
-
cpe:2.3:a:clockworkmod:scrypted:0.6.26
-
cpe:2.3:a:clockworkmod:scrypted:0.7.10
-
cpe:2.3:a:clockworkmod:scrypted:0.7.11
-
cpe:2.3:a:clockworkmod:scrypted:0.7.12
-
cpe:2.3:a:clockworkmod:scrypted:0.7.13
-
cpe:2.3:a:clockworkmod:scrypted:0.7.15
-
cpe:2.3:a:clockworkmod:scrypted:0.7.16
-
cpe:2.3:a:clockworkmod:scrypted:0.7.27
-
cpe:2.3:a:clockworkmod:scrypted:0.7.28
-
cpe:2.3:a:clockworkmod:scrypted:0.7.32
-
cpe:2.3:a:clockworkmod:scrypted:0.7.35
-
cpe:2.3:a:clockworkmod:scrypted:0.7.36
-
cpe:2.3:a:clockworkmod:scrypted:0.7.37
-
cpe:2.3:a:clockworkmod:scrypted:0.7.4
-
cpe:2.3:a:clockworkmod:scrypted:0.7.40
-
cpe:2.3:a:clockworkmod:scrypted:0.7.41
-
cpe:2.3:a:clockworkmod:scrypted:0.7.42
-
cpe:2.3:a:clockworkmod:scrypted:0.7.44
-
cpe:2.3:a:clockworkmod:scrypted:0.7.45
-
cpe:2.3:a:clockworkmod:scrypted:0.7.46
-
cpe:2.3:a:clockworkmod:scrypted:0.7.5
-
cpe:2.3:a:clockworkmod:scrypted:0.7.51
-
cpe:2.3:a:clockworkmod:scrypted:0.7.52
-
cpe:2.3:a:clockworkmod:scrypted:0.7.53
-
cpe:2.3:a:clockworkmod:scrypted:0.7.6
-
cpe:2.3:a:clockworkmod:scrypted:0.7.7
-
cpe:2.3:a:clockworkmod:scrypted:0.7.77
-
cpe:2.3:a:clockworkmod:scrypted:0.7.8
-
cpe:2.3:a:clockworkmod:scrypted:0.7.80
-
cpe:2.3:a:clockworkmod:scrypted:0.7.81
-
cpe:2.3:a:clockworkmod:scrypted:0.7.84
-
cpe:2.3:a:clockworkmod:scrypted:0.7.85
-
cpe:2.3:a:clockworkmod:scrypted:0.7.9
-
cpe:2.3:a:clockworkmod:scrypted:0.7.90
-
cpe:2.3:a:clockworkmod:scrypted:0.7.92
-
cpe:2.3:a:clockworkmod:scrypted:0.7.94
-
cpe:2.3:a:clockworkmod:scrypted:0.7.95
-
cpe:2.3:a:clockworkmod:scrypted:0.7.97