Lucene search
+L

4505 matches found

Packet Storm
Packet Storm
added 2026/06/05 12:0 a.m.62 views

📄 Lyrion Music Server 9.2.0 Arbitrary Directory Listing

Lyrion Music Server version 9.2.0 exposes a readdirectory query through both its CLI service TCP port 9090 and its HTTP JSON-RPC endpoint /jsonrpc.js that takes a folder parameter and lists its contents with no restriction to the configured media directories and no authentication in the default...

6.9CVSS5.7AI score0.00294EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.24 views

PT-2026-46953

Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description A path traversal issue exists in the web server context, allowing unauthenticated attackers to read arbitrary files. By manipulating file path parameters, an attacker can access sensitive files...

8.7CVSS5.6AI score0.0064EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.24 views

PT-2026-46952

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...

6.9CVSS5.6AI score0.00294EPSS
Exploits2References3
Packet Storm
Packet Storm
added 2026/06/05 12:0 a.m.59 views

📄 Lyrion Music Server 9.2.0 search Cross Site Scripting

Lyrion Music Server version 9.2.0 has advanced search parameters that are stuffed back into the page so the form keeps its values. Several free-text fields do not apply filtering, resulting in reflected cross site scripting. Lyrion Music Server 9.2.0 search. Multiple Script Insertions Vendor: LMS...

6.1CVSS4.4AI score0.00158EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.20 views

PT-2026-46954

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

6.1CVSS5.6AI score0.00158EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.22 views

PT-2026-46950

Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description An unauthenticated stored cross-site scripting issue exists in the log viewer due to unescaped template variables. This allows attackers to execute arbitrary scripts in users' browsers by injecting...

7.2CVSS5.5AI score0.00183EPSS
Exploits2References6
Packet Storm
Packet Storm
added 2026/06/05 12:0 a.m.65 views

📄 Lyrion Music Server 9.2.0 server.log Persistent Cross Site Scripting

The log viewer in Lyrion Music Server version 9.2.0 reflects request parameters and raw log content into HTML with no escaping. Any attacker-provided value that gets logged a crafted URL, User-Agent, stream title, player name becomes persistent cross site scripting. Lyrion Music Server 9.2.0...

7.2CVSS4.4AI score0.00183EPSS
Exploits2
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.10 views

Lyrion Music Server 9.2.0 metadata Persistent Cross Site Scripting

Lyrion Music Server version 9.2.0 stores media file metadata tags such as GENRE, ARTIST, and ALBUM exactly as written in the file and later renders them in its web interface without HTML-encoding, resulting in persistent cross site scripting. An attacker who gets a file with a malicious tag into...

7.2CVSS4.3AI score0.00197EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.26 views

PT-2026-46949

Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description An unauthenticated reflected cross-site scripting issue exists in the 'server.log' endpoint. This allows attackers to inject arbitrary HTML and JavaScript code via the search parameter. By crafting...

6.1CVSS5.2AI score0.00324EPSS
Exploits2References6
Packet Storm
Packet Storm
added 2026/06/05 12:0 a.m.65 views

📄 Lyrion Music Server 9.2.0 Path Traversal / File Read

Lyrion Music Server version 9.2.0 suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server. Lyrion Music Server 9.2.0 Path Traversal File Read Vendor: LMS Community Product web page:...

8.7CVSS5.6AI score0.0064EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.63 views

PT-2026-46951

Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description A stored cross-site scripting issue exists where attackers can inject malicious scripts through media file metadata tags, specifically GENRE, ARTIST, and ALBUM. These payloads execute within the we...

7.2CVSS5.2AI score0.00197EPSS
Exploits2References8
Zero Science Lab
Zero Science Lab
added 2026/06/05 12:0 a.m.61 views

Lyrion Music Server 9.2.0 (search.*) Multiple Script Insertions

Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...

6.1CVSS5.4AI score0.00158EPSS
Exploits2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

Lyrion Music Server 路径遍历漏洞

Lyrion Music Server is an audio server software developed by the Lyrion organization. Version 9.2.0 of Lyrion Music Server contains a path traversal vulnerability. This vulnerability allows for the reading of arbitrary files through path traversal techniques...

8.7CVSS8.5AI score0.0064EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.14 views

Lyrion Music Server 安全漏洞

Lyrion Music Server is an audio server software developed by the Lyrion organization. Version 9.2.0 of Lyrion Music Server contains a security vulnerability. This vulnerability stems from an arbitrary directory list vulnerability in the readdirectory function, which could lead to enumerating...

6.9CVSS5.5AI score0.00294EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.9 views

Lyrion Music Server 跨站脚本漏洞

Lyrion Music Server is an audio server software developed by the Lyrion organization. Version 9.2.0 of Lyrion Music Server contains a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting vulnerability present in the media file metadata tags, which...

7.2CVSS4.9AI score0.00197EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

Lyrion Music Server 跨站脚本漏洞

Lyrion Music Server is an audio server software developed by the Lyrion organization. Version 9.2.0 of Lyrion Music Server contains a cross-site scripting vulnerability. This vulnerability stems from an unvalidated storage-based cross-site scripting flaw present in the log viewer, which may allow...

7.2CVSS5AI score0.00183EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

Lyrion Music Server 跨站脚本漏洞

Lyrion Music Server is an audio server software developed by the Lyrion organization. Version 9.2.0 of Lyrion Music Server contains a cross-site scripting vulnerability. This vulnerability stems from an unvalidated reflective cross-site scripting vulnerability present in the server.log endpoint,...

6.1CVSS5.1AI score0.00324EPSS
Exploits2References2
Zero Science Lab
Zero Science Lab
added 2026/06/05 12:0 a.m.68 views

Lyrion Music Server 9.2.0 (server.log) Unauthenticated Stored XSS

Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...

7.2CVSS5.4AI score0.00183EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2026/06/05 12:0 a.m.70 views

Lyrion Music Server 9.2.0 (server.log) Unauthenticated Reflected XSS

Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...

6.1CVSS5.6AI score0.00324EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2026/06/05 12:0 a.m.79 views

Lyrion Music Server 9.2.0 Path Traversal File Read

Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...

8.7CVSS5.5AI score0.0064EPSS
Exploits2
Rows per page
Query Builder