Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Fluid Attacks

Published: 2022-05-20T11:01:18

Updated: 2024-08-03T04:36:06.674Z

Reserved: 2022-02-15T00:00:00

Link: CVE-2022-25229

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-05-20T11:15:07.427

Modified: 2024-11-21T06:51:50.707

Link: CVE-2022-25229

cve-icon Redhat

No data.