{"id":"CVE-2023-47620","summary":"Scrypted reflected Cross-site Scripting vulnerability","details":"Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner' and 'pkg` parameters. An attacker can run arbitrary JavaScript code.","aliases":["GHSA-xmhh-xrcc-mx36"],"modified":"2026-04-02T09:32:50.868562Z","published":"2023-12-13T21:49:41.624Z","database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-79"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/47xxx/CVE-2023-47620.json"},"references":[{"type":"WEB","url":"https://github.com/koush/scrypted/blob/71cbe83a2a20f743342df695ca7b98482b73e60f/server/src/plugin/plugin-http.ts#L45"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/47xxx/CVE-2023-47620.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47620"},{"type":"ADVISORY","url":"https://securitylab.github.com/advisories/GHSL-2023-218_GHSL-2023-219_scrypted/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/koush/scrypted","events":[{"introduced":"0"},{"last_affected":"0a4336879c1b6c11be955d9b0814591796ba09bc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.55.0"}]}}],"versions":["v0.21.0","v0.23.0","v0.39.0","v0.41.0","v0.50.0","v0.51.0","v0.55.0","v0.6.20","v0.6.22","v0.6.23","v0.6.24","v0.6.26","v0.7.10","v0.7.11","v0.7.12","v0.7.13","v0.7.15","v0.7.16","v0.7.27","v0.7.28","v0.7.32","v0.7.35","v0.7.36","v0.7.37","v0.7.4","v0.7.40","v0.7.41","v0.7.42","v0.7.44","v0.7.45","v0.7.46","v0.7.5","v0.7.51","v0.7.52","v0.7.53","v0.7.6","v0.7.7","v0.7.77","v0.7.8","v0.7.80","v0.7.81","v0.7.84","v0.7.85","v0.7.9","v0.7.90","v0.7.92","v0.7.94","v0.7.95","v0.7.97"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-47620.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}