Home > Vulnerability Database > CVE-2024-29193

Mend.io Vulnerability Database

CVE-2024-29193

Good to know:

Date: April 4, 2024

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page ("index.html") shows the available streams by fetching the API in the client side. Then, it uses "Object.entries" to iterate over the result whose first item ("name") gets appended using "innerHTML". In the event of a victim visiting the server in question, their browser will execute the request against the go2rtc instance. After the request, the browser will be redirected to go2rtc, in which the XSS would be executed in the context of go2rtc’s origin. As of time of publication, no patch is available.

Language: Go

Severity Score

6.1

Related Resources (7)

Url: https://github.com/AlexxIT/go2rtc

Url: https://github.com/AlexxIT/go2rtc/commit/3b3d5b033aac3a019af64f83dec84f70ed2c8aba

Url: https://github.com/advisories/GHSA-rh4r-f7f7-r99m

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29193

Url: https://securitylab.github.com/advisories/GHSL-2023-205_GHSL-2023-207_go2rtc/

Url: https://securitylab.github.com/advisories/GHSL-2023-205_GHSL-2023-207_go2rtc

Url: https://www.mend.io/vulnerability-database/CVE-2024-29193

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version github.com/AlexxIT/go2rtc - v1.9.0

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-29193

Good to know:

Date: April 4, 2024

Language: Go

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?