CVE-2017-16782

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-16782
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16782.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-16782
Published
2017-11-10T23:29:00Z
Modified
2024-09-03T01:53:45.520937Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.

References

Affected packages

Git / github.com/home-assistant/home-assistant

Affected ranges

Type
GIT
Repo
https://github.com/home-assistant/home-assistant
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

0.*

0.10
0.10.1
0.11
0.11.1
0.12
0.13
0.13.1
0.14
0.14.1
0.14.2
0.15
0.16
0.16.1
0.17
0.17.1
0.17.2
0.17.3
0.18
0.19
0.19.1
0.19.2
0.19.3
0.19.4
0.20
0.20.1
0.20.2
0.20.3
0.21
0.21.1
0.21.2
0.22
0.23
0.23.1
0.24
0.24.1
0.25
0.25.1
0.25.2
0.26
0.26.1
0.26.2
0.26.3
0.27.0
0.27.1
0.27.2
0.28
0.28.1
0.28.2
0.29
0.29.2
0.29.3
0.29.4
0.29.5
0.29.6
0.29.7
0.30
0.30.1
0.30.2
0.31
0.31.1
0.32
0.32.1
0.32.2
0.32.3
0.32.4
0.33
0.33.1
0.33.2
0.33.3
0.33.4
0.34
0.34.1
0.34.2
0.34.3
0.34.4
0.34.5
0.35
0.35.1
0.35.2
0.35.3
0.36
0.36.1
0.37
0.37.1
0.38
0.38.1
0.38.2
0.38.3
0.38.4
0.39
0.39.1
0.39.2
0.39.3
0.40
0.40.1
0.40.2
0.41
0.42
0.42.1
0.42.2
0.42.3
0.42.4
0.43
0.43.1
0.43.2
0.44
0.44.1
0.44.2
0.45
0.45.1
0.46
0.46.1
0.47
0.47.1
0.48
0.48.1
0.49
0.49.1
0.50
0.50.2
0.51
0.51.1
0.51.2
0.52
0.52.1
0.53
0.53.1
0.54
0.55
0.55.1
0.55.2
0.56
0.56.1
0.56.2
0.7
0.7-rc.1
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.8
0.9
0.9.1

Other

Last-Python2-release