Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Home Assistant has stored XSS in Map-card through malicious device name
Vulnerability Description
Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02 and prior to version 2026.01, an authenticated party can add a malicious name to their device entity, allowing for Cross-Site Scripting attacks against anyone who can see a dashboard with a Map-card which includes that entity. It requires that the victim hovers over an information point. Version 2026.01 fixes the issue.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Home Assistant 跨站脚本漏洞
Vulnerability Description
Home Assistant是Home Assistant开源的一套开源的家庭自动化管理系统。该系统主要用于控制家庭自动化设备。 Home Assistant 2020.02版本至2026.01之前版本存在跨站脚本漏洞,该漏洞源于经过身份验证的方可以向其设备实体添加恶意名称,可能导致对能够看到包含该实体的带有地图卡片仪表板的任何人进行跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A