
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function. • https://github.com/shahzaibak96/CVE-2023-46480 https://github.com/owncast/owncast • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncast prior to 0.1.0. • https://github.com/owncast/owncast/commit/f40135dbf28093864482f9662c23e478ea192b16 https://huntr.dev/bounties/0d0d526a-1c39-4e6a-b081-d3914468e495 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

SQL Injection in GitHub repository owncast/owncast prior to 0.0.13. • https://github.com/owncast/owncast/commit/23b6e5868d5501726c27a3fabbecf49000968591 https://huntr.dev/bounties/a04cff99-5d53-45e5-a882-771b0fad62c9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

Owncast is an open source, self-hosted live video streaming and chat server. In affected versions, inline scripts are executed when JavaScript is parsed via a paste action. This issue is patched in 0.0.9 by blocking unsafe-inline in the Content Security Policy and specifying the script-src. The worker-src is required to be set to blob for the video player. • https://github.com/owncast/owncast/security/advisories/GHSA-2hfj-cxw7-g45p • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')