3 matches found
CVE-2023-23636
In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim...
CVE-2023-23636
CVE-2023-23636 affects Jellyfin 10.8.x (through 10.8.3) where the playlist name is vulnerable to stored XSS, enabling an attacker to exfiltrate access tokens from the victim’s localStorage. The issue is documented across multiple sources (nvd, Red Hat advisory RH, GHSA, osv, cve-list) confirming ...
CVE-2023-23636
In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim...