Emby.Media.Server.DevicesOptions.CustomName.XSS

description-logoDescription

This indicates an attack attempt on a Cross-Site Scripting (XSS) vulnerability in Emby Media Server.
A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in the execution of arbitrary script code in the browser.

affected-products-logoAffected Products

Emby Media Server 4.0

Impact logoImpact

System Compromise : Remote attackers can execute arbitrary script code within the context of the target user's browser

recomended-action-logoRecommended Actions

Refer to the vendor supplied advisory for updates:
https://emby.media/community/index.php?/topic/21348-emby-latest-versions/

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-06-21 14.637 Name:FG-VD-19-023_Emby.
0day:Emby.
Media.
Server.
DevicesOptions.
CustomName.
XSS
2019-03-29 14.583 Default_action:pass:drop
2019-03-14 14.573