CVE-2022-36223

In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account.
Configurations

Configuration 1 (hide)

cpe:2.3:a:emby:emby:4.6.7.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:49

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@cupc4k3/administrator-account-takeover-in-emby-media-server-616fc2a6704f', 'name': 'https://medium.com/@cupc4k3/administrator-account-takeover-in-emby-media-server-616fc2a6704f', 'tags': ['Permissions Required', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40cupc4k3/administrator-account-takeover-in-emby-media-server-616fc2a6704f -

Information

Published : 2022-12-16 14:15

Updated : 2024-02-28 19:51


NVD link : CVE-2022-36223

Mitre link : CVE-2022-36223

CVE.ORG link : CVE-2022-36223


JSON object : View

Products Affected

emby

  • emby
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')