igeoorge 26 Posted June 2, 2021 Posted June 2, 2021 Friends, We just noticed an XSS vulnerability I am at version: 4.5.4.0 Has this already been fixed? 1
roaku 842 Posted June 2, 2021 Posted June 2, 2021 17 minutes ago, cayars said: Hi, what are you trying to show us? According to the screenshot, foreign Javascript is being injected through the url and executed by the browser as if it were part of the Emby web app.
Luke 42087 Posted June 3, 2021 Posted June 3, 2021 Testing on 4.6, with what appears to be the same url you're testing with, I do not get the alert dialog.
neik 873 Posted June 4, 2021 Posted June 4, 2021 16 hours ago, Luke said: Testing on 4.6, with what appears to be the same url you're testing with, I do not get the alert dialog. FWIW, I also get an "access denied" on latest stable.
igeoorge 26 Posted June 4, 2021 Author Posted June 4, 2021 Thanks for your attention friends In the latest version the vulnerability does not occur. 1
Luke 42087 Posted June 4, 2021 Posted June 4, 2021 2 hours ago, igeoorge said: Thanks for your attention friends In the latest version the vulnerability does not occur. Thanks for the feedback.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now