PT-2023-19095 · Jellyfin · Jellyfin
Christian Pöschl
·
Publicado
2023-02-03
·
Atualizado
2025-03-26
·
CVE-2023-23635
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Jellyfin versions 10.8.x through 10.8.3
Description
The issue concerns stored XSS in the name of a collection. This allows an attacker to steal access tokens from the localStorage of the victim.
Recommendations
For Jellyfin versions 10.8.x through 10.8.3, consider restricting the ability to edit collection names to prevent potential exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Jellyfin