What is CVE-2023-1384?

CVE-2023-1384 is a medium-severity vulnerability in Amazon Fire Tv Stick 3rd Gen, classified under Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). CVSS score: 4.3/10. Published 2023-05-03.

How severe is CVE-2023-1384?

Medium severity. CVSS v3 base score is 4.3 out of 10.

XSS in Amazon Fire Tv Stick 3rd Gen

CVE-2023-1384

The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV wit…

EPSS: 0.004 (62.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Amazon Fire Tv Stick 3rd Gen — versions 6.2.9.4
Insignia Tv With Fireos — versions 7.6.3.2

Weakness classification (CWE)

CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

References

www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-stick-i…

Frequently asked questions

What is CVE-2023-1384?: CVE-2023-1384 is a medium-severity vulnerability in Amazon Fire Tv Stick 3rd Gen, classified under Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). CVSS score: 4.3/10. Published 2023-05-03.
How severe is CVE-2023-1384?: Medium severity. CVSS v3 base score is 4.3 out of 10.