Описание
In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| jellyfin | itp | package |
EPSS
Процентиль: 69%
0.00616
Низкий
Связанные уязвимости
CVSS3: 5.4
nvd
около 3 лет назад
In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim.
CVSS3: 5.4
github
около 3 лет назад
Jellyfin Web Cross-Site Scripting (XSS) via Collection Name
EPSS
Процентиль: 69%
0.00616
Низкий