jellyfin jellyfin vulnerabilities and exploits
NA
CVE-2023-48702
Jellyfin is a system for managing and streaming media. Prior to version 10.8.13, the `/System/MediaEncoder/Path` endpoint executes an arbitrary file using `ProcessStartInfo` via the `ValidateVersion` function. A malicious administrator can set up a network share and supply a UNC p...
Jellyfin Jellyfin
NA
CVE-2023-49096
Jellyfin is a Free Software Media System for managing and streaming media. In affected versions there is an argument injection in the VideosController, specifically the `/Videos/<itemId>/stream` and `/Videos/<itemId>/stream.<container>` endpoints which are prese...
Jellyfin Jellyfin
NA
CVE-2023-30627
jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the `REST` endpoints with admin privileges. When com...
Jellyfin Jellyfin
NA
CVE-2023-30626
Jellyfin is a free-software media system. Versions starting with 10.8.0 and before 10.8.10 and prior have a directory traversal vulnerability inside the `ClientLogController`, specifically `/ClientLog/Document`. When combined with a cross-site scripting vulnerability (CVE-2023-30...
Jellyfin Jellyfin
NA
CVE-2023-27161
Jellyfin up to v10.7.7 contains a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows malicious users to access network resources and sensitive information via a crafted POST request.
Jellyfin Jellyfin
NA
CVE-2023-23635
In Jellyfin 10.8.x up to and including 10.8.3, the name of a collection is vulnerable to stored XSS. This allows a malicious user to steal access tokens from the localStorage of the victim.
Jellyfin Jellyfin
NA
CVE-2023-23636
In Jellyfin 10.8.x up to and including 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows a malicious user to steal access tokens from the localStorage of the victim.
Jellyfin Jellyfin
NA
CVE-2022-35910
In Jellyfin prior to 10.8, stored XSS allows theft of an admin access token.
Jellyfin Jellyfin
NA
CVE-2022-35909
In Jellyfin prior to 10.8, the /users endpoint has incorrect access control for admin functionality.
Jellyfin Jellyfin
5
CVSSv2
CVE-2021-29490
Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Versions before 10.7.3 are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter. This issue potentially exposes bo...