kodi: Persistent Cross-Site Scripting (CVE-2018-8831)
A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through
17.6 that allows the execution
of arbitrary HTML/script code in the context of the victim user’s
browser via a playlist.
References:
http://seclists.org/fulldisclosure/2018/Apr/36
https://nvd.nist.gov/vuln/detail/CVE-2018-8831
(from redmine: issue id 8844, created on 2018-04-26)
- Relations:
- copied_to #8845
- copied_to #8846
- child #8845
- child #8846