zachi40, posted February 8, 2022 (edited)

We just noticed an XSS vulnerability when I change the device name to an XSS payload. I am at version 4.6.7.0. Has this already been fixed?

And at the URL "<embyserver>/web/web/1<XSS payload>".

Edited February 8, 2022 by zachi40: find more places

Abobader, posted February 8, 2022

Hello zachi40,

** This is an auto reply **

Please wait for someone from staff support or our members to reply to you. It's recommended to provide more info, as explained in this thread:

Thank you.
Emby Team

Luke, posted February 8, 2022

Hi, where did you change the device name to xss payload?

zachi40 (author), posted February 8, 2022

3 hours ago, Luke said:
> Hi, where did you change the device name to xss payload?

yes

zachi40 (author), posted February 8, 2022

1 minute ago, Luke said:
> Hi, where did you do this?

I change my iPhone name to "><img src="x" onerror=alert(1)>". Then I go to the Admin page (<EMBY>/web/index.html#!/dashboard) and the XSS runs.
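
The device-name case reported above, as an added example that is not part of the thread and is not Emby's code: a client-supplied name concatenated into dashboard markup, next to the same render with output escaping. All function names and the device records are hypothetical, and the sample name is the string from the thread, read with its leading quote as part of the value.

```javascript
// Constructed sample: device records as a dashboard might receive them.
// The second name is the string quoted in the thread.
const devices = [
  { id: "d1", name: "Living Room TV" },
  { id: "d2", name: '"><img src="x" onerror=alert(1)>' },
];

// Vulnerable pattern: the client-controlled name is concatenated into
// markup, both inside an attribute value and as element content.
function renderDeviceUnsafe(d) {
  return '<div class="device" title="' + d.name + '">' + d.name + "</div>";
}

// Escape the five characters that can change the HTML parsing context.
// The quote matters here: the reported name starts with "> which closes
// the attribute and the tag before the injected element begins.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened form: same template, every interpolated value escaped.
function renderDeviceSafe(d) {
  const name = escapeHtml(d.name);
  return '<div class="device" title="' + name + '">' + name + "</div>";
}

// Rough regression check: count the start tags an HTML parser would open.
// A correctly escaped row always opens exactly one (the <div>).
function countStartTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

function renderDashboard(list, renderer) {
  return list.map(renderer).join("\n");
}

console.log(renderDashboard(devices, renderDeviceUnsafe));
console.log(renderDashboard(devices, renderDeviceSafe));
```

In DOM code the equivalent fix is to assign the name through `textContent` and `setAttribute` instead of building an HTML string; the same escaping applies to any value reflected from the URL path.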