PT-2021-10703 · Unknown · Homeautomation
Gjoko Krstic · Published 2021-04-27 · Updated 2021-05-10 · CVE-2020-21987
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
HomeAutomation version 3.3.2
Description:
The issue is a persistent cross-site scripting (XSS) vulnerability: input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session.
Recommendations:
For HomeAutomation version 3.3.2, ensure that all input parameters are properly sanitized before being returned to the user, so that the XSS issue cannot be exploited. As a temporary workaround until a proper fix is applied, consider restricting the execution of arbitrary HTML and script code in user browser sessions.
Exploit
Fix
XSS
Affected Products
Homeautomation