Lucene search
K

5 matches found

SUSE CVE
SUSE CVE
added 2026/05/06 1:41 a.m.6 views

SUSE CVE-2026-42052

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

6CVSS5.7AI score0.003EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-42052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata...

6CVSS5.9AI score0.003EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/04 5:6 p.m.10 views

CVE-2026-42052 beets is Vulnerable to XSS

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...

6CVSS5.7AI score0.003EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.8 views

beets 跨站脚本漏洞

Beets is an open-source music collection management and metadata optimization tool developed by Beetbox. Versions of Beets prior to 2.10.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Web UI’s use of the Underscore template interpolation pattern for handling...

6CVSS5.7AI score0.003EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/03/31 7:25 p.m.4 views

CVE-2026-4800

Impact: The fix for CVE-2021-23337 https://github.com/advisories/GHSA-35jh-r3h4-6jhm added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes...

9.8CVSS5.9AI score0.01735EPSS
Exploits0
Rows per page
Query Builder