Vulnerability Details CVE-2023-23635
In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.9%
CVSS Severity
CVSS v3 Score 5.4
References
- https://github.com/jellyfin/jellyfin-web/issues/3788
- https://herolab.usd.de/security-advisories/
- https://herolab.usd.de/security-advisories/usd-2022-0031/
- https://github.com/jellyfin/jellyfin-web/issues/3788
- https://herolab.usd.de/security-advisories/
- https://herolab.usd.de/security-advisories/usd-2022-0031/
Products affected by CVE-2023-23635
-
cpe:2.3:a:jellyfin:jellyfin:10.8.0
-
cpe:2.3:a:jellyfin:jellyfin:10.8.1
-
cpe:2.3:a:jellyfin:jellyfin:10.8.2
-
cpe:2.3:a:jellyfin:jellyfin:10.8.3