Home Assistant · CVE-2017-16782
**Name of the Vulnerable Software and Affected Versions**
Home Assistant versions prior to 0.57
**Description**
The issue allows for the injection of JavaScript code into a persistent notification via crafted Markdown text. This can lead to a cross-site scripting (XSS) attack.
**Recommendations**
For versions prior to 0.57, update to version 0.57 or later to resolve the issue. As a temporary workaround, consider disabling the use of Markdown text in persistent notifications until a patch is available. Restrict access to the notification feature to minimize the risk of exploitation. Avoid using crafted Markdown text in notifications until the issue is resolved.
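The workaround of disabling Markdown in persistent notifications can be applied per message rather than globally. The following is an added example, not Home Assistant's code or its 0.57 fix: a pre-render gate that falls back to escaped plain text when a message carries inline HTML or a link target outside an allowlist. All function names and sample messages are constructed, and it assumes the Markdown renderer passes inline HTML through and uses link URLs as written.

```javascript
// Added example; names are hypothetical, not Home Assistant's code.
// Allowlist of link targets: http(s), mailto, site-relative, fragment.
const SAFE_TARGET = /^(https?:\/\/|mailto:|\/|#)/i;

// Escape text so a browser displays it literally instead of parsing it.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// List the reasons a message must not be handed to the Markdown renderer.
function auditNotification(text) {
  const findings = [];
  // Inline HTML or an autolink: "<" followed by a letter, "/", "!" or "?".
  if (/<[a-z\/!?]/i.test(text)) findings.push("raw-html");
  // Inline links/images "](url" and reference definitions "[id]: url".
  const linkRe = /\]\(\s*<?([^)\s>]*)|^ {0,3}\[[^\]]+\]:\s*<?(\S+)/gm;
  for (const m of text.matchAll(linkRe)) {
    const target = m[1] ?? m[2];
    // Allowlisting avoids chasing encodings of script-capable schemes.
    if (!SAFE_TARGET.test(target)) findings.push("unvetted-link:" + target);
  }
  return findings;
}

// Render as Markdown only when the audit is clean; otherwise show plain text.
function prepareNotification(text) {
  const findings = auditNotification(text);
  return findings.length === 0
    ? { mode: "markdown", body: text, findings }
    : { mode: "plain", body: escapeHtml(text), findings };
}

// Constructed sample messages, for illustration only.
const SAMPLES = [
  "**Update available**: see [release notes](https://example.com/notes)",
  "Sensor offline <script>alert(1)</script>",
  "[details](javascript:alert(1))",
];
for (const s of SAMPLES) console.log(prepareNotification(s));
```

The gate is deliberately conservative (it also rejects harmless autolinks and relative paths) and complements, rather than replaces, sanitising the HTML the renderer produces.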