{"containers":{"cna":{"affected":[{"product":"Popcorn Time","vendor":"n/a","versions":[{"status":"affected","version":"0.4.7"}]}],"descriptions":[{"lang":"en","value":"Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands."}],"problemTypes":[{"descriptions":[{"description":"XSS to RCE","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2022-05-20T20:13:48.000Z","orgId":"84fe0718-d6bb-4716-a7e8-81a6d1daa869","shortName":"Fluid Attacks"},"references":[{"tags":["x_refsource_MISC"],"url":"https://fluidattacks.com/advisories/bowie/"},{"tags":["x_refsource_MISC"],"url":"https://github.com/popcorn-official/popcorn-desktop/issues/2491"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"help@fluidattacks.com","ID":"CVE-2022-25229","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Popcorn Time","version":{"version_data":[{"version_value":"0.4.7"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"XSS to RCE"}]}]},"references":{"reference_data":[{"name":"https://fluidattacks.com/advisories/bowie/","refsource":"MISC","url":"https://fluidattacks.com/advisories/bowie/"},{"name":"https://github.com/popcorn-official/popcorn-desktop/issues/2491","refsource":"MISC","url":"https://github.com/popcorn-official/popcorn-desktop/issues/2491"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T04:36:06.674Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://fluidattacks.com/advisories/bowie/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/popcorn-official/popcorn-desktop/issues/2491"}]}]},"cveMetadata":{"assignerOrgId":"84fe0718-d6bb-4716-a7e8-81a6d1daa869","assignerShortName":"Fluid Attacks","cveId":"CVE-2022-25229","datePublished":"2022-05-20T11:01:18.000Z","dateReserved":"2022-02-15T00:00:00.000Z","dateUpdated":"2024-08-03T04:36:06.674Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}