Lucene search
K

12 matches found

CVE
CVE
added 2026/06/01 1:15 p.m.25 views

CVE-2026-48559

CVE-2026-48559 affects Lightweight Music Server (LMS) up to version 3.76.0. The vulnerability is a stored cross-site scripting (XSS) that lets an attacker cause JavaScript execution in the web interface by embedding malicious HTML in media file metadata fields (GENRE, ARTIST, ALBUM). The payload ...

5.4CVSS5.9AI score0.00171EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/06/01 1:15 p.m.13 views

CVE-2026-48559 Lightweight Music Server 3.76.0 Stored XSS via Media File Metadata Tags

Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4CVSS5.9AI score0.00171EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.22 views

PT-2026-45437

Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4CVSS5.9AI score0.00171EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-15868

Malware in sbrugna...

5.4CVSS5.7AI score0.03016EPSS
Exploits1References13
OSV
OSV
added 2017/03/12 1:59 a.m.21 views

CVE-2017-6814

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...

5.4CVSS5.9AI score
Exploits0References9
UbuntuCve
UbuntuCve
added 2017/03/12 1:59 a.m.27 views

CVE-2017-6814

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...

5.4CVSS6.5AI score0.03016EPSS
Exploits1References6
Prion
Prion
added 2017/03/12 1:59 a.m.18 views

Cross site scripting

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...

3.5CVSS5.2AI score0.03016EPSS
Exploits1References9Affected Software2
OSV
OSV
added 2017/03/12 1:59 a.m.13 views

UBUNTU-CVE-2017-6814

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...

5.4CVSS6.4AI score0.03016EPSS
Exploits1References7
Cvelist
Cvelist
added 2017/03/12 1:0 a.m.30 views

CVE-2017-6814

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...

5.5AI score0.03016EPSS
Exploits1References9
Debian CVE
Debian CVE
added 2017/03/12 1:0 a.m.57 views

CVE-2017-6814

In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist shortcode in the wpplaylistshortcode function in wp-includes/media.php and 2 mishandling of meta information in the renderTracks function ...

5.4CVSS2.6AI score0.03016EPSS
Exploits1
CVE
CVE
added 2017/03/12 1:0 a.m.171 views

CVE-2017-6814

CVE-2017-6814 affects WordPress

5.4CVSS5.4AI score0.03016EPSS
Exploits1References9Affected Software1
ThreatPost
ThreatPost
added 2017/03/07 3:40 p.m.11 views

WordPress 4.7.3 Patches Half-Dozen Vulnerabilities

WordPress released a security update on Tuesday that patched a half-dozen bugs, including one that could be chained with the recent REST API Endpoint flaw that led to a million website defacements. Given that the bug was introduced in WordPress 4.7 and the availability of a patch that backports...

0.1AI score
Exploits0References4
Rows per page
Query Builder