In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2022-3076 | In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS. |
![]() |
GHSA-7wfq-wmx2-3wr4 | Withdrawn Advisory: Home Assistant Frontend XSS Vulnerability |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T20:35:21.043Z
Reserved: 2017-11-10T00:00:00
Link: CVE-2017-16782

No data.

Status : Deferred
Published: 2017-11-10T23:29:00.323
Modified: 2025-04-20T01:37:25.860
Link: CVE-2017-16782

No data.

No data.