CVE-2023-47623

Name of the Vulnerable Software and Affected Versions Scrypted versions 0.55.0 and prior

Description Scrypted is a home video integration and automation platform. A reflected cross-site scripting vulnerability exists in the login page via the redirect uri parameter. By specifying a URL with the javascript scheme (javascript:), an attacker can run arbitrary JavaScript code after the login. No known patches are available.

Recommendations For Scrypted versions 0.55.0 and prior, as a temporary workaround, consider restricting access to the login page or disabling the redirect uri parameter until a patch is available. Avoid using the redirect uri parameter with URLs that have the javascript scheme (javascript:) to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.