CVE-2018-8831

A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.
References
Link Resource
http://seclists.org/fulldisclosure/2018/Apr/36 Exploit Mailing List Third Party Advisory
https://trac.kodi.tv/ticket/17814 Vendor Advisory
https://www.exploit-db.com/exploits/44487/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:kodi:kodi:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-04-18 17:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-8831

Mitre link : CVE-2018-8831

CVE.ORG link : CVE-2018-8831


JSON object : View

Products Affected

kodi

  • kodi
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')