gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (`links.html`) appends the `src` GET parameter (`[0]`) in all of its links for 1-click previews. The context in which `src` is being appended is `innerHTML` (`[1]`), which will insert the text as HTML. Commit 3b3d5b033aac3a019af64f83dec84f70ed2c8aba contains a patch for the issue.
Metrics
Affected Vendors & Products
References
History
Tue, 02 Sep 2025 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Alexxit
Alexxit go2rtc |
|
CPEs | cpe:2.3:a:alexxit:go2rtc:*:*:*:*:*:*:*:* | |
Vendors & Products |
Alexxit
Alexxit go2rtc |

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-02T01:10:55.432Z
Reserved: 2024-03-18T17:07:00.094Z
Link: CVE-2024-29191

Updated: 2024-08-02T01:10:55.432Z

Status : Analyzed
Published: 2024-04-04T15:15:39.043
Modified: 2025-09-02T15:24:33.513
Link: CVE-2024-29191

No data.

No data.