XSS in Home-assistant Core
CVE-2023-41895
Home Assistant is an open source home automation platform. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the `redirect_uri` and `client_id` parameters. Although…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.005 (66.6th percentile)
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Home-assistant Core — versions < 2023.9.0
Weakness classification (CWE)
References
- https://github.com/home-assistant/core/security/advisories/GHSA-jvxq-x42r-f7mv (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2023-41895?
  CVE-2023-41895 is a high-severity vulnerability in Home-assistant Core, classified under Cross-site Scripting. CVSS score: 8.8/10. Published 2023-10-19.
- How severe is CVE-2023-41895?
  High severity. CVSS v3 base score is 8.8 out of 10.