Filtered by vendor Clockworkmod Subscriptions
Filtered by product Scrypted Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-47623 1 Clockworkmod 1 Scrypted 2024-11-21 6.1 Medium
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login.
CVE-2023-47620 1 Clockworkmod 1 Scrypted 2024-11-21 6.1 Medium
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner' and 'pkg` parameters. An attacker can run arbitrary JavaScript code.