Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02 and prior to version 2026.01, an authenticated party can add a malicious name to their device entity, allowing for Cross-Site Scripting attacks against anyone who can see a dashboard with a Map-card which includes that entity. It requires that the victim hovers over an information point. Version 2026.01 fixes the issue.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XHome Assistant
APPHome-Assistant2020.02 – 2026.1.0 (bez)
Powiązane podatności
homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentic...
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 202...
Home Assistant is open source home automation software that puts local control and privacy first. Starting in ...
Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers...
Home assistant is an open source home automation. The Home Assistant login page allows users to use their loca...