CVE-2026-50232
published 2026-06-05CVE-2026-50232: Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata…
PriorityP338high7.2CVSS 3.1
AVNACLPRNUINSCCLILAN
EPSS
0.20%
9.6th percentile
Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when users view track information or play files, enabling access to management functions and settings disclosure.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lms_community | lyrion_music_server | — | — |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
nvdv4.05.1MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
LMS Community Lyrion Music Server 9.2.0 Web Interface cross site scripting (ZSL-2026-5990 / EUVD-2026-34831)
vuldb·2026-06-05·CVSS 5.1
CVE-2026-50232 [MEDIUM] LMS Community Lyrion Music Server 9.2.0 Web Interface cross site scripting (ZSL-2026-5990 / EUVD-2026-34831)
A vulnerability, which was classified as problematic, was found in LMS Community Lyrion Music Server 9.2.0. Affected by this issue is some unknown functionality of the component Web Interface. Such manipulation leads to cross site scripting.
This vulnerability is referenced as CVE-2026-50232. It is possible to launch the attack remotely. No exploit is available.
GHSA
Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM.
ghsa_unreviewed·2026-06-05
CVE-2026-50232 [MEDIUM] CWE-79 Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM.
Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when users view track information or play files, enabling access to management functions and settings disclosure.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-05
Published