VYPR

Xbmc

by Xbmc

Source repositories

CVEs (5)

  • CVE-2012-10024HigAug 5, 2025
    risk 0.47cvss epss 0.01

    XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can…

  • CVE-2018-8831MedApr 18, 2018
    risk 0.47cvss 6.1epss 0.54

    A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.

  • CVE-2023-23082MedFeb 3, 2023
    risk 0.00cvss 4.6epss 0.01

    A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.

  • CVE-2021-42917MedNov 1, 2021
    risk 0.00cvss 5.5epss 0.02

    Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.

  • CVE-2014-3800Aug 7, 2014
    risk 0.00cvss epss 0.00

    XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file.