Lucene search
+L

7 matches found

redhatcve
redhatcve
added 2025/05/23 4:15 a.m.9 views

CVE-2023-30627

jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the REST endpoints with admin privileges. When combined with...

9CVSS6.8AI score0.01972EPSS
Exploits3References1
circl
circl
added 2023/04/25 12:19 a.m.9 views

CVE-2023-30627

creationtimestamp| type| source ---|---|--- 2023-04-25 00:19:33+00:00| seen| https://t.me/cibsecurity/62768 2023-04-25 00:19:37+00:00| seen| https://t.me/cibsecurity/62771...

9CVSS6.4AI score0.01281EPSS
Exploits1References2
nvd
nvd
added 2023/04/24 9:15 p.m.24 views

CVE-2023-30627

jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the REST endpoints with admin privileges. When combined with...

9CVSS8.2AI score0.01281EPSS
Exploits1References4
prion
prion
added 2023/04/24 9:15 p.m.19 views

Directory traversal

Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting vulnerability CVE-2023-30627, this can result...

5.5CVSS6.7AI score0.01972EPSS
Exploits3References6Affected Software1
vulnrichment
vulnrichment
added 2023/04/24 8:7 p.m.5 views

CVE-2023-30627 jellyfin-web has a stored cross-site scripting vulnerability in devices.js

jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the REST endpoints with admin privileges. When combined with...

9CVSS8.5AI score0.01281EPSS
Exploits1References4
cve
cve
added 2023/04/24 8:7 p.m.56 views

CVE-2023-30627

Summary: CVE-2023-30627 is a stored XSS in jellyfin-web (device.js) affecting Jellyfin web client versions 10.1.0 up to, but not including, 10.8.10. Exploitation lets an attacker covertly call REST endpoints with admin privileges, and when chained with CVE-2023-30626 this can lead to remote code ...

9CVSS6.7AI score0.01281EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2023/04/24 8:7 p.m.37 views

CVE-2023-30627 jellyfin-web has a stored cross-site scripting vulnerability in devices.js

jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the REST endpoints with admin privileges. When combined with...

9CVSS8.9AI score0.01281EPSS
Exploits1References4
Rows per page
Query Builder