Unrated severityNVD Advisory· Published Aug 19, 2022· Updated Aug 3, 2024
CVE-2022-35910
CVE-2022-35910
Description
In Jellyfin before 10.8, stored XSS allows theft of an admin access token.
Affected products
2Patches
Vulnerability mechanics
References
3- docs.google.com/document/d/1cBXQrokCvWxKET4BKi3ZLtVp5gst6-MrGPgMKpfXw8Y/editmitrex_refsource_MISC
- github.com/jellyfin/jellyfin/pull/7569/filesmitrex_refsource_MISC
- medium.com/stolabs/cve-2022-35909-cve-2022-35910-incorrect-access-control-and-xss-stored-to-jellyfin-967359c91058mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.