CVE-2026-50232
HighCVSS 7.2Summary
Lyrion Music Server version 9.2.0 contains a stored cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM.
Risk Assessment
Attackers can craft files with XSS payloads in metadata tags that execute in the web interface, potentially leading to access to management functions and settings disclosure.
Recommendation
It is recommended to update the Lyrion Music Server to the latest version and implement input filtering and validation for metadata in files.
Original NVD description (English source)
Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when users view track information or play files, enabling access to management functions and settings disclosure.

