Home Assistant has stored XSS in history-graphs

Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones (imported/included from Android Auto it appears) is vulnerable cross-site scripting, similar to CVE-2025-62172. Version 2026.01 fixes the issue.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Home Assistant 跨站脚本漏洞

Home Assistant是Home Assistant开源的一套开源的家庭自动化管理系统。该系统主要用于控制家庭自动化设备。 Home Assistant 2025.02版本至2026.01之前版本存在跨站脚本漏洞，该漏洞源于手机剩余充电时间传感器存在跨站脚本漏洞，可能导致类似CVE-2025-62172的攻击。

N/A

N/A