CVE-2022-36223

Source
https://cve.org/CVERecord?id=CVE-2022-36223
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36223.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-36223
Published
2022-12-16T00:00:00Z
Modified
2026-07-15T01:49:11.533288971Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/36xxx/CVE-2022-36223.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/mediabrowser/emby.releases

Affected ranges

Type
GIT
Repo
https://github.com/mediabrowser/emby.releases
Events
Database specific
{
    "cpe": "cpe:2.3:a:emby:emby:4.6.7.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.6.7.0"
        },
        {
            "last_affected": "4.6.7.0"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

4.*
4.6.7.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36223.json"