CVE-2022-25229

Published: 2022-05-20T11:15Z

Last Modified: 2024-11-21T06:51Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt