4 matches found
CVE-2026-40349 Authenticated Movary User Can Self-Escalate to Administrator via PUT /settings/users/{userId} by Setting isAdmin=true
Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can escalate their own account to administrator by sending isAdmin=true to PUT /settings/users/userId for their own user ID. The endpoint is intended to let a user ed...
CVE-2026-40348
Movary contains an authenticated SSRF vulnerability present before version 0.71.1. An ordinary authenticated user can trigger server-side requests by sending a user-controlled URL to POST /settings/jellyfin/server-url-verify, which appends /system/info/public and causes the server to issue a requ...
CVE-2026-23841
CVE-2026-23841 — Movary, a web app for tracking movie history, is vulnerable to cross-site scripting due to insufficient input validation in the vulnerable parameter ?categoryCreated=. Affected: Movary versions prior to 0.70.0. Impact: ability to trigger XSS payloads (high risk per citations). Fi...
EUVD-2025-37040
Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open redirect to an attacker-controlled site and...