Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by popcorn_time_project

    CVE-2022-25229 (GCVE-0-2022-25229)

    Vulnerability from nvd – Published: 2022-05-20 11:01 – Updated: 2024-08-03 04:36
    VLAI
    Summary
    Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands.
    Severity
    No CVSS data available.
    CWE
    • XSS to RCE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Popcorn Time Affected: 0.4.7
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:36:06.674Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://fluidattacks.com/advisories/bowie/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/popcorn-official/popcorn-desktop/issues/2491"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Popcorn Time",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.4.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Popcorn Time 0.4.7 has a Stored XSS in the \u0027Movies API Server(s)\u0027 field via the \u0027settings\u0027 page. The \u0027nodeIntegration\u0027 configuration is set to on which allows the \u0027webpage\u0027 to use \u0027NodeJs\u0027 features, an attacker can leverage this to run OS commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS to RCE",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-20T20:13:48.000Z",
            "orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
            "shortName": "Fluid Attacks"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://fluidattacks.com/advisories/bowie/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/popcorn-official/popcorn-desktop/issues/2491"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "help@fluidattacks.com",
              "ID": "CVE-2022-25229",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Popcorn Time",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.4.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Popcorn Time 0.4.7 has a Stored XSS in the \u0027Movies API Server(s)\u0027 field via the \u0027settings\u0027 page. The \u0027nodeIntegration\u0027 configuration is set to on which allows the \u0027webpage\u0027 to use \u0027NodeJs\u0027 features, an attacker can leverage this to run OS commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS to RCE"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://fluidattacks.com/advisories/bowie/",
                  "refsource": "MISC",
                  "url": "https://fluidattacks.com/advisories/bowie/"
                },
                {
                  "name": "https://github.com/popcorn-official/popcorn-desktop/issues/2491",
                  "refsource": "MISC",
                  "url": "https://github.com/popcorn-official/popcorn-desktop/issues/2491"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
        "assignerShortName": "Fluid Attacks",
        "cveId": "CVE-2022-25229",
        "datePublished": "2022-05-20T11:01:18.000Z",
        "dateReserved": "2022-02-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:36:06.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25229 (GCVE-0-2022-25229)

    Vulnerability from cvelistv5 – Published: 2022-05-20 11:01 – Updated: 2024-08-03 04:36
    VLAI
    Summary
    Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands.
    Severity
    No CVSS data available.
    CWE
    • XSS to RCE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Popcorn Time Affected: 0.4.7
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:36:06.674Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://fluidattacks.com/advisories/bowie/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/popcorn-official/popcorn-desktop/issues/2491"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Popcorn Time",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.4.7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Popcorn Time 0.4.7 has a Stored XSS in the \u0027Movies API Server(s)\u0027 field via the \u0027settings\u0027 page. The \u0027nodeIntegration\u0027 configuration is set to on which allows the \u0027webpage\u0027 to use \u0027NodeJs\u0027 features, an attacker can leverage this to run OS commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS to RCE",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-20T20:13:48.000Z",
            "orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
            "shortName": "Fluid Attacks"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://fluidattacks.com/advisories/bowie/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/popcorn-official/popcorn-desktop/issues/2491"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "help@fluidattacks.com",
              "ID": "CVE-2022-25229",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Popcorn Time",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "0.4.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Popcorn Time 0.4.7 has a Stored XSS in the \u0027Movies API Server(s)\u0027 field via the \u0027settings\u0027 page. The \u0027nodeIntegration\u0027 configuration is set to on which allows the \u0027webpage\u0027 to use \u0027NodeJs\u0027 features, an attacker can leverage this to run OS commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS to RCE"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://fluidattacks.com/advisories/bowie/",
                  "refsource": "MISC",
                  "url": "https://fluidattacks.com/advisories/bowie/"
                },
                {
                  "name": "https://github.com/popcorn-official/popcorn-desktop/issues/2491",
                  "refsource": "MISC",
                  "url": "https://github.com/popcorn-official/popcorn-desktop/issues/2491"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
        "assignerShortName": "Fluid Attacks",
        "cveId": "CVE-2022-25229",
        "datePublished": "2022-05-20T11:01:18.000Z",
        "dateReserved": "2022-02-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:36:06.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }