3 matches found
CVE-2025-46338
creationtimestamp| type| source ---|---|--- 2025-04-29 05:11:29+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13788 2025-04-29 07:50:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lnwsbubr4z2b 2025-04-29 08:28:15+00:00| seen|...
CVE-2025-46338 Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the /api/upload endpoint allows an attacker to perform a reflected cross-site scripting XSS attack by submitting malicious payloads in the libraryId field. The...
CVE-2025-46338 Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the /api/upload endpoint allows an attacker to perform a reflected cross-site scripting XSS attack by submitting malicious payloads in the libraryId field. The...