MidnightBSD

Advisories for screenly

CVE-2020-21101 LOW

Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the 'Add Asset' page via manipulation of a 'URL' field, which could let a remote malicious user execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
screenly screenly 0.9
screenly screenly 0.11
screenly screenly 0.16
screenly screenly 0.18
screenly screenly 0.17
screenly screenly 0.10
screenly screenly 0.15.1
screenly screenly 0.12.1
screenly screenly 0.18.1
screenly screenly 0.13
screenly screenly 0.14
screenly screenly 0.9.1
screenly screenly 0.12
screenly screenly 0.18.2
screenly screenly 0.15