4 matches found
EUVD-2023-34993
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview Jellyfin.Common is an a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper escape of device id in raw HTML, which can be used to make arbitrary calls to the...
CVE-2023-30626 Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution
Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting vulnerability CVE-2023-30627, this can result...
CVE-2023-30626
Jellyfin 10.8.x prior to 10.8.10 is affected by a directory traversal vulnerability in the ClientLogController (/ClientLog/Document). The issue can be combined with a stored XSS in jellyfin-web (CVE-2023-30627) to enable file write and potential remote code execution, with exploitation tied to cl...