GSD-2022-25229
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-25229",
"description": "Popcorn Time 0.4.7 has a Stored XSS in the \u0027Movies API Server(s)\u0027 field via the \u0027settings\u0027 page. The \u0027nodeIntegration\u0027 configuration is set to on which allows the \u0027webpage\u0027 to use \u0027NodeJs\u0027 features, an attacker can leverage this to run OS commands.",
"id": "GSD-2022-25229"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-25229"
],
"details": "Popcorn Time 0.4.7 has a Stored XSS in the \u0027Movies API Server(s)\u0027 field via the \u0027settings\u0027 page. The \u0027nodeIntegration\u0027 configuration is set to on which allows the \u0027webpage\u0027 to use \u0027NodeJs\u0027 features, an attacker can leverage this to run OS commands.",
"id": "GSD-2022-25229",
"modified": "2023-12-13T01:19:26.317614Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "help@fluidattacks.com",
"ID": "CVE-2022-25229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Popcorn Time",
"version": {
"version_data": [
{
"version_value": "0.4.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Popcorn Time 0.4.7 has a Stored XSS in the \u0027Movies API Server(s)\u0027 field via the \u0027settings\u0027 page. The \u0027nodeIntegration\u0027 configuration is set to on which allows the \u0027webpage\u0027 to use \u0027NodeJs\u0027 features, an attacker can leverage this to run OS commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS to RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fluidattacks.com/advisories/bowie/",
"refsource": "MISC",
"url": "https://fluidattacks.com/advisories/bowie/"
},
{
"name": "https://github.com/popcorn-official/popcorn-desktop/issues/2491",
"refsource": "MISC",
"url": "https://github.com/popcorn-official/popcorn-desktop/issues/2491"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:popcorn_time_project:popcorn_time:0.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "help@fluidattacks.com",
"ID": "CVE-2022-25229"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Popcorn Time 0.4.7 has a Stored XSS in the \u0027Movies API Server(s)\u0027 field via the \u0027settings\u0027 page. The \u0027nodeIntegration\u0027 configuration is set to on which allows the \u0027webpage\u0027 to use \u0027NodeJs\u0027 features, an attacker can leverage this to run OS commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fluidattacks.com/advisories/bowie/",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fluidattacks.com/advisories/bowie/"
},
{
"name": "https://github.com/popcorn-official/popcorn-desktop/issues/2491",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/popcorn-official/popcorn-desktop/issues/2491"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
},
"lastModifiedDate": "2022-05-31T14:30Z",
"publishedDate": "2022-05-20T11:15Z"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…