Xbmc
by Xbmc
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-10024 | | Hig | 0.47 | — | 0.01 | | Aug 5, 2025 | XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can… |
| CVE-2018-8831 | | Med | 0.47 | 6.1 | 0.54 | | Apr 18, 2018 | A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist. |
| CVE-2023-23082 | | Med | 0.00 | 4.6 | 0.01 | | Feb 3, 2023 | A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument. |
| CVE-2021-42917 | | Med | 0.00 | 5.5 | 0.02 | | Nov 1, 2021 | Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream. |
| CVE-2014-3800 | | | 0.00 | — | 0.00 | | Aug 7, 2014 | XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file. |