CVE-2018-8831

CVE-2018-8831

Name

CVE-2018-8831

Description

A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://trac.kodi.tv/ticket/17814
Exploit	http://seclists.org/fulldisclosure/2018/Apr/36
Exploit	https://www.exploit-db.com/exploits/44487/

Type

URI

Vendor Advisory

https://trac.kodi.tv/ticket/17814

Exploit

http://seclists.org/fulldisclosure/2018/Apr/36

Exploit

https://www.exploit-db.com/exploits/44487/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:kodi:kodi::::::::`	kodi	>= None	<= 17.6

CPE URI

Source package

Min version

Max version

cpe:2.3:a:kodi:kodi:*:*:*:*:*:*:*:*

kodi

>= None

<= 17.6

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
kodi	edge-community	18.2-r0	None	fixed
kodi	3.22-community	18.2-r0	None	fixed
kodi	3.21-community	18.2-r0	None	fixed
kodi	3.20-community	18.2-r0	None	fixed
kodi	3.19-community	18.2-r0	None	fixed
kodi	3.18-community	18.2-r0	None	fixed
kodi	3.17-community	18.2-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

kodi

edge-community

18.2-r0

None

fixed

kodi

3.22-community