CVE-2023-45671 Scanner

Vulnerability Overview

Frigate versions prior to 0.13.0 Beta 3 are susceptible to a reflected XSS attack via API endpoints that use the /<camera_name> base path. This vulnerability arises because the application does not properly sanitize user-supplied input in the URL path, allowing attackers to embed malicious scripts.

Vulnerability Details

This XSS vulnerability is exploitable when Frigate is publicly accessible, and the attacker can trick an authenticated user into clicking a specially crafted link. The lack of input sanitization allows the attacker to inject and execute arbitrary JavaScript code in the user's browser session.

Possible Effects

• Execution of unauthorized JavaScript on the user's browser.
• Potential theft of sensitive information from authenticated sessions.
• Manipulation of the user interface to deceive users.

Why Choose SecurityForEveryone

SecurityForEveryone provides a robust platform to identify and mitigate vulnerabilities in real-time. With our scanner:

• You gain comprehensive insights into potential security threats.
• We offer detailed recommendations for swift and effective remediation.
• Enjoy peace of mind with ongoing support and updates to safeguard your systems.

References

• GitHub Advisory
• NVD - CVE-2023-45671