PT-2022-23265 · Emby · Emby Server

Published: 2022-12-16 · Updated: 2022-12-20 · CVE-2022-36223

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Emby Server version 4.6.7.0

Description: The playlist name field is vulnerable to stored XSS. Script injected into a playlist name executes in the browser of any user who views it, including an administrator, which allows the administrator's access token to be stolen and the media server administrator account to be hijacked.

Recommendations: For Emby Server version 4.6.7.0, consider disabling the playlist name field until a patch is available, to prevent exploitation of the stored XSS vulnerability. Restrict access to the administrator account and monitor for suspicious activity to minimize the risk of account theft.
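A minimal illustration of the weakness and its mitigation, added here as an example and not taken from Emby's code base: a playlist name rendered as raw HTML versus HTML-encoded, plus a simple audit that flags stored names containing markup, in support of the monitoring recommended above. The function names and the sample playlist names are constructed for this example.

```javascript
// Added example, not Emby's code. Assumes playlist names are rendered into a
// web client page and that the stored names can be read back for auditing.

// Characters that must be encoded before user-supplied text is placed in HTML.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak rendering: the stored name is interpolated as raw HTML, so markup in a
// playlist name becomes part of the page and any script in it runs for the
// viewer (the pattern behind a stored XSS in a name field).
function renderPlaylistUnsafe(name) {
  return `<li class="playlist">${name}</li>`;
}

// Hardened rendering: the name is encoded, so the browser shows it as text.
function renderPlaylistSafe(name) {
  return `<li class="playlist">${escapeHtml(name)}</li>`;
}

// Audit aid: flag stored names that contain a tag, an inline event handler or
// a javascript: URL so an operator can review them. A bare "<" followed by a
// digit (e.g. "<3") is not flagged, to keep false positives down.
function looksLikeMarkup(name) {
  return /<\s*\/?\s*[a-z]|\bon\w+\s*=|javascript:/i.test(String(name));
}

function auditPlaylistNames(names) {
  return names.filter(looksLikeMarkup);
}

// Constructed sample data: two ordinary names and two containing markup.
const SAMPLE_NAMES = [
  'Road Trip 2022',
  'Summer Mix <3',
  'My <script>probe()</script> mix',
  '<b onmouseover="probe()">hits</b>',
];

// Names an operator should look at: the last two entries of SAMPLE_NAMES.
const FLAGGED = auditPlaylistNames(SAMPLE_NAMES);
```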

Tags: XSS
Related Identifiers: CVE-2022-36223

Affected Products: Emby Server