CVE-2026-49220

CVE-2026-49220 affects Jellyfin up to version 10.11.8, where a vulnerability in the AuthenticateByName flow allows a non-privileged user to inject HTML/JavaScript in the Client header that executes in an Administrative user session when accessing a user’s detail from the dashboard. This is a user...

Cross site scripting

Cross-site scripting XSS vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the "view meta information" permission to inject arbitrary web script or HTML via unspecified vectors related to the meta access...

Drupal Camtasia Relay Module Meta Access Tab Cross-Site Scripting Vulnerability

Drupal is a free and open source content management system developed in PHP.Camtasia Relay Module for Drupal is a module application for Drupal. Drupal Camtasia Relay Module for Drupal handles Meta access tags with a cross-site scripting vulnerability that allows remote attackers to exploit the...

Camtasia Relay - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-100

This module enables you to integrate your Drupal site with TechSmith Relay software. The module doesn't sufficiently sanitize user input under the meta access tab. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "view meta information". CVE...