npm package
jellyfin-web
pkg:npm/jellyfin-web
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-23636 | — | | | >= 10.8.0, < 10.8.4 | 10.8.4 | Feb 3, 2023 | In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. |
| CVE-2023-23635 | — | | | >= 10.8.0, < 10.8.4 | 10.8.4 | Feb 3, 2023 | In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. |