CVE-2022-25229
N/A
N/A
Summary
Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Popcorn Time | 0.4.7 | affected |
Weaknesses
- XSS to RCE
ADP Enrichment
CVE Program Container
Additional References
- https://fluidattacks.com/advisories/bowie/
- https://github.com/popcorn-official/popcorn-desktop/issues/2491
References
- https://fluidattacks.com/advisories/bowie/
- https://github.com/popcorn-official/popcorn-desktop/issues/2491
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.