Medium severity6.1NVD Advisory· Published Dec 16, 2022· Updated Jun 17, 2026
CVE-2022-36223
CVE-2022-36223
Description
In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: =4.6.7.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.