Home-Assistant: >> Home-Assistant Security Vulnerabilities
Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.
CVSS Score
7.5
EPSS Score
0.013
Published
2019-09-23
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-11-10
Page 2