CVE-2023-45671 Scanner
Detects a Cross-Site Scripting (XSS) vulnerability in Frigate affecting versions before 0.13.0 Beta 3.
Short Info
- Level: Medium
- Single Scan: Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 seconds
- Time Interval: 4 weeks
- Scan only one: URL
- Toolbox: -
Vulnerability Overview
Frigate versions prior to 0.13.0 Beta 3 are susceptible to a reflected XSS attack via API endpoints that use the /<camera_name> base path. This vulnerability arises because the application does not properly sanitize user-supplied input in the URL path, allowing attackers to embed malicious scripts.
Vulnerability Details
This XSS vulnerability is exploitable when Frigate is publicly accessible and the attacker can trick an authenticated user into clicking a specially crafted link. The lack of input sanitization allows the attacker to inject and execute arbitrary JavaScript code in the user's browser session.
Possible Effects
- Execution of unauthorized JavaScript in the user's browser.
- Potential theft of sensitive information from authenticated sessions.
- Manipulation of the user interface to deceive users.