Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the ‘Add Asset’ page via manipulation of a ‘URL’ field, which could let a remote malicious user execute arbitrary code.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21101
Reference (s):
- https://github.com/Screenly/screenly-ose/issues/1254