Security Advisory

CVE-2022-25229

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-05-20 11:01:18

Last updated 2024-08-03 04:36:06

Assigner Fluid Attacks

State PUBLISHED

Description

Popcorn Time 0.4.7 has a Stored XSS in the Movies API Server(s) field via the settings page. The nodeIntegration configuration is set to on which allows the webpage to use NodeJs features, an attacker can leverage this to run OS commands.

← Browse all CVEs View on cve.org ↗