CVE-2025-46338

Medium CVSS: 6.9

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the `/api/upload` endpoint allows an attacker to perform a reflected cross-site scripting (XSS) attack by submitting malicious payloads in the `libraryId` field. The unsanitized input is reflected in the server’s error message, enabling arbitrary JavaScript execution in a victim's browser. This issue has been patched in version 2.21.0.

Vendor

Audiobookshelf

Product

Audiobookshelf

CWE

CWE-79

Yayın Tarihi

2025-04-29 05:15:46

Güncelleme

2025-05-09 19:37:37

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Audiobookshelf MEDIUM Audiobookshelf 2025

Referanslar

https://github.com/advplyr/audiobookshelf/commit/35870a01583b2947030f4e3d4ac769c3ff298386 https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-47g3-c5hx-2q3w

Benzer Kayıtlar

Medium

CVE-2026-27963

Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists i…

Medium

CVE-2026-27974

Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) vulnerability exists in versi…

Medium

CVE-2026-27973

Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists i…

High

CVE-2025-57800

Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does no…

High

CVE-2025-25205

Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a…