Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2023-30627
HistoryApr 24, 2023 - 9:15 p.m.

CVE-2023-30627

2023-04-2421:15:09
Google
osv.dev
5
jellyfin
cross-site scripting
vulnerability
remote code execution
patch

CVSS3

9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

49.9%

JSON

jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the REST endpoints with admin privileges. When combined with CVE-2023-30626, this results in remote code execution on the Jellyfin instance in the context of the user who’s running it. This issue is patched in version 10.8.10. There are no known workarounds.

Related

cvelist 2
prion 2
cve 2
nvd 2
osv 2
nessus 1
freebsd 1
github 1
veracode 1
cvelist
cvelist
CVE-2023-30627 jellyfin-web has a stored cross-site scripting vulnerability in devices.js
2023-04-24 20:07:27
CVE-2023-30626 Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution
2023-04-24 20:06:39
prion
prion
Directory traversal
2023-04-24 21:15:00
Cross site scripting
2023-04-24 21:15:00
cve
cve
CVE-2023-30627
2023-04-24 21:15:09
CVE-2023-30626
2023-04-24 21:15:09
nvd
nvd
CVE-2023-30626
2023-04-24 21:15:09
CVE-2023-30627
2023-04-24 21:15:09
osv
osv
Directory traversal + file write causing arbitrary code execution
2023-04-24 22:39:03
CVE-2023-30626
2023-04-24 21:15:09
nessus
nessus
FreeBSD : jellyfin -- Multiple vulnerabilities (4ee322e9-e363-11ed-b934-b42e991fc52e)
2023-04-25 00:00:00
freebsd
freebsd
jellyfin -- Multiple vulnerabilities
2023-04-24 00:00:00
github
github
Directory traversal + file write causing arbitrary code execution
2023-04-24 22:39:03
veracode
veracode
Path Traversal
2023-05-01 14:49:16

CVSS3

9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

49.9%

JSON
Related for OSV:CVE-2023-30627
cvelist2prion2cve2nvd2osv2nessus1freebsd1github1veracode1