Emby: >> Emby >> 3.0.5441.2 Security Vulnerabilities
Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-06-28
Emby Server versions < 4.6.0.50 is vulnerable to Cross Site Scripting (XSS) vulnerability via a crafted GET request to /web.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-06-28
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.
CVSS Score
9.8
EPSS Score
0.9
Published
2020-10-10