Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 03 Jun 2026 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Jpettitt meshcore Card
|
|
| CPEs | cpe:2.3:a:jpettitt:meshcore_card:*:*:*:*:*:home_assistant:*:* | |
| Vendors & Products |
Jpettitt meshcore Card
|
Fri, 29 May 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 29 May 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Jpettitt
Jpettitt meshcore-card |
|
| Vendors & Products |
Jpettitt
Jpettitt meshcore-card |
Thu, 28 May 2026 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect (repeated) radio range to execute arbitrary javascript in the Home Assistant frontend of anyone viewing the card. This vulnerability is fixed in 0.3.3. | |
| Title | MeshCore Card: XSS vulnerability through meshcore node name | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-05-29T15:30:28.175Z
Reserved: 2026-05-11T20:50:30.539Z
Link: CVE-2026-45323
Updated: 2026-05-29T15:30:17.821Z
Status : Analyzed
Published: 2026-05-28T18:16:35.300
Modified: 2026-06-03T18:34:42.447
Link: CVE-2026-45323
No data.
OpenCVE Enrichment
Updated: 2026-05-29T15:48:15Z