S4E

CVE-2023-45671 Scanner

Detects a Cross-Site Scripting (XSS) vulnerability in Frigate that affects versions before 0.13.0 Beta 3.


Short Info

  • Level: Medium
  • Single Scan: Single Scan
  • Can be used by: Asset Owner
  • Estimated Time: 10 seconds
  • Time Interval: 4 weeks
  • Scan only one: URL
  • Toolbox: -

Vulnerability Overview

Frigate versions prior to 0.13.0 Beta 3 are susceptible to a reflected XSS attack via API endpoints that use the /<camera_name> base path. This vulnerability arises because the application does not properly sanitize user-supplied input in the URL path, allowing attackers to embed malicious scripts.

Vulnerability Details

This XSS vulnerability is exploitable when Frigate is publicly accessible, and the attacker can trick an authenticated user into clicking a specially crafted link. The lack of input sanitization allows the attacker to inject and execute arbitrary JavaScript code in the user's browser session.
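The reflection pattern described above and two ways to close it, as an added example that is not Frigate's or S4E's code. The handler names, the error message text, and the probe string are assumptions constructed for illustration; the check uses harmless markup to test whether a path segment comes back unescaped in an HTML response.

```python
import html
import json

# Constructed, harmless probe: inert markup that is easy to spot in a response.
PROBE = "<i>probe-7f3a</i>"

def not_found_unsafe(camera_name):
    """Vulnerable pattern: the URL path segment is interpolated into an HTML body."""
    body = f"Camera named {camera_name} not found"
    return 404, {"Content-Type": "text/html; charset=utf-8"}, body

def not_found_escaped(camera_name):
    """Mitigation 1: HTML-encode the path segment before reflecting it."""
    body = f"Camera named {html.escape(camera_name)} not found"
    return 404, {"Content-Type": "text/html; charset=utf-8"}, body

def not_found_json(camera_name):
    """Mitigation 2: answer API errors as JSON so the browser never parses HTML."""
    body = json.dumps({"success": False,
                       "message": f"Camera named {camera_name} not found"})
    headers = {"Content-Type": "application/json",
               "X-Content-Type-Options": "nosniff"}
    return 404, headers, body

def reflects_raw_markup(probe, response):
    """True when the probe returns byte-for-byte in a body served as HTML."""
    _status, headers, body = response
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    return ctype in ("text/html", "application/xhtml+xml") and probe in body

if __name__ == "__main__":
    handlers = (not_found_unsafe, not_found_escaped, not_found_json)
    for handler in handlers:
        verdict = reflects_raw_markup(PROBE, handler(PROBE))
        print(f"{handler.__name__}: reflects raw markup = {verdict}")
```

The JSON handler still echoes the raw string in its body, which is why the check looks at the content type as well as the body: the reflection is only dangerous when the browser renders it as HTML.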

Possible Effects

  • Execution of unauthorized JavaScript on the user's browser.
  • Potential theft of sensitive information from authenticated sessions.
  • Manipulation of the user interface to deceive users.

Why Choose S4E

S4E provides a robust platform to identify and mitigate vulnerabilities in real-time. With our scanner:

  • You gain comprehensive insights into potential security threats.
  • We offer detailed recommendations for swift and effective remediation.
  • Enjoy peace of mind with ongoing support and updates to safeguard your systems.
