Security for everyone

CVE-2023-45671 Scanner

Detects 'Cross-Site Scripting (XSS)' vulnerability in Frigate affects v. before 0.13.0 Beta 3.

SCAN NOW

Short Info


Level

Low

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Url

Parent Category

CVE-2023-45671 Scanner Detail

Vulnerability Overview

Frigate versions prior to 0.13.0 Beta 3 are susceptible to a reflected XSS attack via API endpoints that use the /<camera_name> base path. This vulnerability arises because the application does not properly sanitize user-supplied input in the URL path, allowing attackers to embed malicious scripts.

Vulnerability Details

This XSS vulnerability is exploitable when Frigate is publicly accessible, and the attacker can trick an authenticated user into clicking a specially crafted link. The lack of input sanitization allows the attacker to inject and execute arbitrary JavaScript code in the user's browser session.

Possible Effects

  • Execution of unauthorized JavaScript on the user's browser.
  • Potential theft of sensitive information from authenticated sessions.
  • Manipulation of the user interface to deceive users.

Why Choose SecurityForEveryone

SecurityForEveryone provides a robust platform to identify and mitigate vulnerabilities in real-time. With our scanner:

  • You gain comprehensive insights into potential security threats.
  • We offer detailed recommendations for swift and effective remediation.
  • Enjoy peace of mind with ongoing support and updates to safeguard your systems.

References

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture