Описание
Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. This issue has been patched in version 0.60.0.
EPSS
Процентиль: 4%
0.00017
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
EPSS
Процентиль: 4%
0.00017
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79