Stored XSS Vulnerability in Jellyfin Affecting Admin Access
CVE-2022-35910
5.4MEDIUM
What is CVE-2022-35910?
In versions of Jellyfin before 10.8, a stored Cross-Site Scripting (XSS) vulnerability exists that allows attackers to steal an administrator’s access token. By exploiting this vulnerability, an attacker could potentially execute malicious scripts in the context of an admin user, leading to unauthorized actions and data compromise.