CVE-2023-23636

Published: 2023-02-03T01:15Z

Last Modified: 2025-03-26T19:15Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt