exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 2

CVE-2026-25578

5 дней назад

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. This issue has been patched in version 0.60.0.

CVSS3: 6.1

EPSS: Низкий

GHSA-rh3r-8pxm-hg4w

5 дней назад

Navidrome has XSS via comment from song metadata

CVSS3: 6.1

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	CVE-2026-25578 Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. This issue has been patched in version 0.60.0.	CVSS3: 6.1	0% Низкий	5 дней назад
	GHSA-rh3r-8pxm-hg4w Navidrome has XSS via comment from song metadata	CVSS3: 6.1	0% Низкий	5 дней назад

Уязвимостей на страницу