10 matches found
CVE-2026-27963
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.32.0 of the Audiobookshelf web application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification...
CVE-2026-27963
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.32.0 of the Audiobookshelf web application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification...
CVE-2026-27974
Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting XSS vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modificatio...
CVE-2026-27973
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting XSS vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library...
CVE-2026-27974 Audiobooksheld VUlnerable to Stored XSS in WrappingMarquee.js via Audiobook Metadata (Mobile App Audio Player)
Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting XSS vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modificatio...
CVE-2026-27974 Audiobooksheld VUlnerable to Stored XSS in WrappingMarquee.js via Audiobook Metadata (Mobile App Audio Player)
Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting XSS vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modificatio...
CVE-2026-27963
Audiobookshelf (web application) prior to version 2.32.0 is affected by a stored XSS vulnerability via malicious library metadata. Attackers with library modification privileges can inject JS code that runs in victims’ browsers, potentially enabling session hijacking and data exfiltration. A fix ...
CVE-2026-27963 Audiobookshelf has Stored XSS in Tooltip.vue via Audiobook Metadata
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.32.0 of the Audiobookshelf web application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification...
EUVD-2026-8823
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting XSS vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library...
Information Disclosure
github.com/aws/aws-sdk-go is vulnerable to information disclosure. The vulnerability exists due to the unencrypted md5 plaintext hash in the library's metadata, allowing an attacker who has read access to the encrypted S3 bucket to recover the plaintext without accessing the encryption key...