CVE-2026-50235
Published 2026-06-05
Priority: P4 · 25 · medium
CVSS 3.1: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
EPSS: 0.16% (5.3th percentile)
Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScript in users' browsers and steal session information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lms_community | lyrion_music_server | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 5.1 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms.
ghsa_unreviewed·2026-06-05
CVE-2026-50235 [MEDIUM] CWE-79 Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms.
VulDB
LMS Community Lyrion Music Server 9.2.0 Search Parameter cross site scripting (ZSL-2026-5993 / EUVD-2026-34834)
vuldb·2026-06-05·CVSS 5.1
CVE-2026-50235 [MEDIUM] LMS Community Lyrion Music Server 9.2.0 Search Parameter cross site scripting (ZSL-2026-5993 / EUVD-2026-34834)
A vulnerability, which was classified as problematic, has been found in LMS Community Lyrion Music Server 9.2.0. Affected by this vulnerability is an unknown functionality of the component Search Parameter Handler. This manipulation causes cross site scripting.
The identification of this vulnerability is CVE-2026-50235. It is possible to initiate the attack remotely. There is no exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.