CVE-2023-23636

Published February 3rd, 2023

View on NVD ↗

CVSS v3

5.4

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim.

jellyfin/jellyfin-web

The Free Software Media System - Official Web Client

GitHub

3.62K