Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-8831 — Cross-site Scripting in Kodi

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

22.9%

top 4.09%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Kodi Debian Kodi

Timeline

PublishedApr 18

Latest updateMay 14

Description

A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDkodi/kodi17.6

▶debiandebian/kodi

🔴Vulnerability Details

GHSA

GHSA-h8r8-r3f3-wmh3: A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17↗2022-05-14

▶

OSV

CVE-2018-8831: A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17↗2018-04-18

▶

💥Exploits & PoCs

Exploit-DB

Kodi 17.6 - Persistent Cross-Site Scripting↗2018-04-18

▶

📋Vendor Advisories

Debian

CVE-2018-8831: kodi - A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that ...↗2018

▶