Vulnerabilities > Tasmota Project

DATE CVE VULNERABILITY TITLE RISK
2023-01-09 CVE-2021-36603 Cross-site Scripting vulnerability in Tasmota Project Tasmota 6.5.0
Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1".
network
low complexity
tasmota-project CWE-79
6.1
2022-11-14 CVE-2022-43294 Out-of-bounds Write vulnerability in Tasmota Project Tasmota
Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was discovered to contain a stack overflow via the ClientPortPtr parameter at lib/libesp32/rtsp/CRtspSession.cpp.
network
low complexity
tasmota-project CWE-787
critical
9.8