Unknown · Audiobookshelf · CVE-2026-27974
**Name of the Vulnerable Software and Affected Versions**
Audiobookshelf mobile application versions prior to 0.12.0-beta
**Description**
Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) issue exists in versions of the Audiobookshelf mobile application prior to 0.12.0-beta. The issue allows arbitrary JavaScript to be executed through manipulated library metadata. An attacker who can modify library information, or who controls a malicious podcast RSS feed, can execute code within a victim’s WebViews. This could lead to session hijacking, data exfiltration, and unauthorized access to native device APIs.
**Recommendations**
Update to version 0.12.0-beta or later.