CVE-2026-27963

Medium CVSS: 4.8

Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.32.0 of the Audiobookshelf web application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification privileges can execute code in victim users' browsers, potentially leading to session hijacking and data exfiltration. Version 2.32.0 contains a patch for the issue.

Vendor

Audiobookshelf

Product

Audiobookshelf

CWE

CWE-79

Yayın Tarihi

2026-02-26 03:16:04

Güncelleme

2026-02-27 17:08:05

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Audiobookshelf MEDIUM Audiobookshelf 2026

Referanslar

https://github.com/advplyr/audiobookshelf/commit/503f4611b221a5bde19024e657021670df204478 https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-69cp-m725-wf78

Benzer Kayıtlar

Medium

CVE-2026-27974

Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) vulnerability exists in versi…

Medium

CVE-2026-27973

Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists i…

High

CVE-2025-57800

Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does no…

Medium

CVE-2025-46338

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulner…

High

CVE-2025-25205

Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a…