Heimdall Application Dashboard through 2.5.4 allows reflected and stored XSS via "Application name" to the "Add application" page. The stored XSS will be triggered in the "Application list" page.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NLinuxserver Heimdall Application Dashboard
APPLinuxserver≤ 2.5.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS