Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-qwp3-5fw3-5wgv: Incorrect Access Control and Cross Site Scripting in Jellyfin

In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality. This lack of access control can be leveraged to performe a cross site scripting attack.

ghsa
#xss#git

Incorrect Access Control and Cross Site Scripting in Jellyfin

High severity GitHub Reviewed Published Aug 20, 2022 • Updated Aug 30, 2022

ghsa: Latest News

GHSA-6qhv-4h7r-2g9m: rfc3161-client has insufficient verification for timestamp response signatures