CVE Catalog

CVE-2026-50232

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Summary

Lyrion Music Server version 9.2.0 contains a stored cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM.

Risk Assessment

Attackers can craft files with XSS payloads in metadata tags that execute in the web interface, potentially leading to access to management functions and settings disclosure.

Recommendation

It is recommended to update the Lyrion Music Server to the latest version and implement input filtering and validation for metadata in files.

Original NVD description (English source)

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when users view track information or play files, enabling access to management functions and settings disclosure.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS