Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.5 views

CVE-2026-25578

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. This issue has been patched i...

6.1CVSS5.1AI score0.00297EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/04 9:58 p.m.5 views

CVE-2026-25578

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. This issue has been patched i...

6.1CVSS5.1AI score0.00297EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/04 12:12 a.m.3 views

GHSA-RH3R-8PXM-HG4W Navidrome has XSS via comment from song metadata

Summary An XSS vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. An attacker's maliciously crafted song has to be added to Navidrome to exploit the vulnerability. Details The frontend is using React. In...

6.1CVSS5.7AI score0.00297EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/02/04 12:12 a.m.12 views

Navidrome has XSS via comment from song metadata

Summary An XSS vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. An attacker's maliciously crafted song has to be added to Navidrome to exploit the vulnerability. Details The frontend is using React. In...

6.1CVSS5.6AI score0.00297EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.3 views

PT-2026-6325

Name of the Vulnerable Software and Affected Versions Navidrome versions prior to 0.60.0 Description Navidrome is a web-based music collection server and streamer. A cross-site scripting issue exists in the frontend that allows a malicious attacker to inject code through the comment metadata of a...

6.1CVSS5AI score0.00297EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2024/10/23 12:0 a.m.5 views

PT-2024-39871 · Unknown · Download Plugin

Name of the Vulnerable Software and Affected Versions: Download Plugin versions up to, and including, 2.2.0 Description: The issue allows authenticated attackers with Subscriber-level access and above to download any comment and metadata for any user, including sensitive information such as...

6.5CVSS6.3AI score0.00406EPSS
Exploits0References10
Rows per page
Query Builder