beets-2.11.0-1.1 on GA media (moderate)

beets-2.11.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10865-1 Rating: moderate Cross-References: CVE-2026-42052 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the beets-2.11.0-1.1...

OPENSUSE-SU-2026:10865-1 beets-2.11.0-1.1 on GA media

These are all security issues fixed in the beets-2.11.0-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE CVE-2026-42052

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

CVE-2026-42052

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

Linux Distros Unpatched Vulnerability : CVE-2026-42052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata...

CVE-2026-42052

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

DEBIAN-CVE-2026-42052

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

UBUNTU-CVE-2026-42052

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

CVE-2026-42052

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

CVE-2026-42052 beets is Vulnerable to XSS

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

CVE-2026-42052

Beets prior to v2.10.0 is vulnerable to Cross‑Site Scripting via the bundled web UI. The issue stems from using Underscore template interpolation for untrusted metadata fields, which is treated as raw insertion, while escaping is only applied by . Rendered output is inserted into the DOM with .h...

CVE-2026-42052

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

EUVD-2026-27055

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

CVE-2026-42052 beets is Vulnerable to XSS

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

CVE-2026-42052

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

beets 跨站脚本漏洞

Beets is an open-source music collection management and metadata optimization tool developed by Beetbox. Versions of Beets prior to 2.10.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Web UI’s use of the Underscore template interpolation pattern for handling...

beets has a Cross-site Scripting vulnerability

During code logic analyis, an area that may lead to unintended behavior under specific conditions was discovered. Overview - Verified Version: 80cd21554124da07d17a4f962c7d770a4f70d0f2 - Vulnerability Type: Stored XSS - Affected Location: beetsplug/web/templates/index.html:42 - Trigger Scenario:...

GHSA-3GXM-WFJX-M847 beets has a Cross-site Scripting vulnerability

During code logic analyis, an area that may lead to unintended behavior under specific conditions was discovered. Overview - Verified Version: 80cd21554124da07d17a4f962c7d770a4f70d0f2 - Vulnerability Type: Stored XSS - Affected Location: beetsplug/web/templates/index.html:42 - Trigger Scenario:...

Cross-site Scripting (XSS)

Overview beets is a media library management system for obsessive music geeks. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the included index.html template. An attacker can execute scripts in a victim’s browser by supplying crafted music metadata fields su...

beetcamp (>=0.19.1 <=0.19.2), beets-audible (=1.0.0) potentially affected by CVE-2026-42052 via beets (=2.0.0)

beets PYPI version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on beets and may be impacted: - beetcamp =0.19.1, =0.19.2 - beets-audible =1.0.0 Source cves: CVE-2026-42052 Source advisory: SNYK:PYTHON-BEETS-16415917...