CVE-2017-16782

NONE EPSS 51.1%
Published Nov 10, 20178y ago · Modified Jun 17, 20262w ago
Find Similar
Published Nov 10, 2017 8y ago
Last Modified Jun 17, 2026 2w ago

Description

In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.

Threat Intelligence

EPSS Exploit Probability
51.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
home-assistanthome-assistant* ≤0.56.2

References 1

  • github.com https://github.com/home-assistant/home-assistant-polymer/pull/514
    Issue TrackingPatchThird Party Advisory

Remediation

  • github.com https://github.com/home-assistant/home-assistant-polymer/pull/514
    Issue TrackingPatchThird Party Advisory