14 matches found
CVE-2026-50232
Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...
CVE-2026-50232
Lyrion Music Server 9.2.0 is affected by a stored XSS vulnerability via media metadata tags (GENRE, ARTIST, ALBUM). The issue allows an attacker to craft files containing XSS payloads in metadata that execute in the web interface when users view track information or play files, potentially enabli...
EUVD-2026-34831
Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...
CVE-2026-50232 Lyrion Music Server 9.2.0 Stored XSS via Metadata Tags
Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...
PT-2026-46951
Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description A stored cross-site scripting issue exists where attackers can inject malicious scripts through media file metadata tags, specifically GENRE, ARTIST, and ALBUM. These payloads execute within the we...
CVE-2026-48559
Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...
CVE-2026-48559
Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...
CVE-2026-48559 Lightweight Music Server 3.76.0 Stored XSS via Media File Metadata Tags
Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...
EUVD-2026-33640
Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...
PT-2026-45437
Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...
SUSE CVE-2004-1302
The id3tagsort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag...
Winamp Ultravox streaming metadata artist tag buffer overflow
Added: 02/04/2008 CVE: CVE-2008-0065 BID: 27344 OSVDB: 41707 Background Winamp is a media player for Windows. Problem A buffer overflow vulnerability in the inmp3.dll library when parsing Ultravox streaming metadata allows command execution when a user opens a stream containing a long, specially...
CVE-2004-1302
The id3tagsort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag...
yamt -- arbitrary command execution vulnerability
Manigandan Radhakrishnan discovered a security vulnerability in YAMT which can lead to execution of arbitrary commands with the privileges of the user running YAMT when sorting based on MP3 tags. The problem exist in the id3tagsort routine which does not properly sanitize the artist tag from the...