Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Popcorn Time 跨站脚本漏洞
Vulnerability Description
Popcorn Time是一个多平台的免费软件 BitTorrent 客户端。 Popcorn Time 0.4.7 版本存在安全漏洞,该漏洞源于 setting 页面 Movies API Server(s) 字段可以注入存储型跨站脚本。nodeIntegration 配置设置为允许 webpage 使用 NodeJs 功能,攻击者可以利用它来运行操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A