10 matches found
CVE-2026-27974
Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting XSS vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modificatio...
CVE-2026-27973
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting XSS vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library...
CVE-2026-27974 Audiobooksheld VUlnerable to Stored XSS in WrappingMarquee.js via Audiobook Metadata (Mobile App Audio Player)
Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting XSS vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modificatio...
CVE-2026-27974
Audiobookshelf mobile app vulnerable to cross-site scripting (XSS) in all pre-0.12.0-beta versions. Malicious library metadata can execute JavaScript in victim WebViews when an attacker has library modification privileges or controls a malicious podcast RSS feed, potentially enabling session hija...
CVE-2026-27974 Audiobooksheld VUlnerable to Stored XSS in WrappingMarquee.js via Audiobook Metadata (Mobile App Audio Player)
Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting XSS vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modificatio...
CVE-2026-27973 Audiobookshelf has Stored XSS in ItemSearchCard.vue via Audiobook Metadata (Search Results on Mobile App)
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting XSS vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library...
CVE-2026-27973
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting XSS vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library...
CVE-2026-27973 Audiobookshelf has Stored XSS in ItemSearchCard.vue via Audiobook Metadata (Search Results on Mobile App)
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting XSS vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library...
PT-2026-22119
Name of the Vulnerable Software and Affected Versions Audiobookshelf versions prior to 0.12.0-beta Description Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting XSS issue exists in versions of the Audiobookshelf mobile application prior to version 0.12.0-beta...
PT-2026-22111
Name of the Vulnerable Software and Affected Versions Audiobookshelf versions prior to 0.12.0-beta Description Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting XSS issue exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application. Th...