Nixpkgs security tracker
5.1 MEDIUM
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): Low (L)
- User Interaction (UI): Passive (P)
- Vulnerable System Impact Confidentiality (VC): None (N)
- Vulnerable System Impact Integrity (VI): None (N)
- Vulnerable System Impact Availability (VA): None (N)
- Subsequent System Impact Confidentiality (SC): Low (L)
- Subsequent System Impact Integrity (SI): Low (L)
- Subsequent System Impact Availability (SA): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): Passive (P)
- Modified Vulnerable System Impact Confidentiality (MVC): None (N)
- Modified Vulnerable System Impact Integrity (MVI): None (N)
- Modified Vulnerable System Impact Availability (MVA): None (N)
- Modified Subsequent System Impact Confidentiality (MSC): Low (L)
- Modified Subsequent System Impact Integrity (MSI): Low (L)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
2 packages
- flmsg
- helmsman
- @LeSuisse ignored reference https://w…
-
@LeSuisse
ignored
24 packages
- llmserve
- lmstudio
- python312Packages.calmsize
- python313Packages.calmsize
- python313Packages.lmstudio
- python314Packages.calmsize
- python314Packages.lmstudio
- python312Packages.llama-index-llms-ollama
- python312Packages.llama-index-llms-openai
- python313Packages.llama-index-llms-ollama
- python313Packages.llama-index-llms-openai
- python312Packages.llama-index-llms-openai-like
- python313Packages.llm-lmstudio
- python314Packages.llm-lmstudio
- pkgsRocm.python3Packages.llama-index-llms-ollama
- pkgsRocm.python3Packages.llama-index-llms-openai
- pkgsRocm.python3Packages.llama-index-llms-openai-like
- python312Packages.llama-index-multi-modal-llms-openai
- python313Packages.llama-index-multi-modal-llms-openai
- pkgsRocm.python3Packages.llama-index-multi-modal-llms-openai
- python313Packages.llama-index-llms-openai-like
- python314Packages.dlms-cosem
- python312Packages.dlms-cosem
- python313Packages.dlms-cosem
- @LeSuisse accepted
- @LeSuisse published on GitHub
Lightweight Music Server 3.76.0 Stored XSS via Media File Metadata Tags
Lightweight Music Server (LMS) though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the victim's library, causing the payload to be saved during library scanning and executed automatically in the web interface due to tag content being rendered using Wt::TextFormat::UnsafeXHTML without sanitization in src/lms/ui/Utils.cpp.
References
Ignored references (1)
-
https://www.vulncheck.com/advisories/lightweight-music-server-stored-xss-via-me… third-party-advisory
Affected products
- =<3.76.0
Matching in nixpkgs
Ignored packages (26)
pkgs.flmsg
Digital modem message program
pkgs.helmsman
Helm Charts (k8s applications) as Code tool
pkgs.llmserve
TUI for serving local LLM models
pkgs.lmstudio
LM Studio is an easy to use desktop app for experimenting with local and open-source Large Language Models (LLMs)
pkgs.python312Packages.calmsize
Take a number of bytes and return a human-readable string
pkgs.python313Packages.calmsize
Take a number of bytes and return a human-readable string
pkgs.python313Packages.lmstudio
LM Studio Python SDK
pkgs.python314Packages.calmsize
Take a number of bytes and return a human-readable string
pkgs.python314Packages.lmstudio
LM Studio Python SDK
pkgs.python312Packages.dlms-cosem
Python module to parse DLMS/COSEM
pkgs.python313Packages.dlms-cosem
Python module to parse DLMS/COSEM
pkgs.python314Packages.dlms-cosem
Python module to parse DLMS/COSEM
pkgs.python313Packages.llm-lmstudio
Plugin to use local models via LM Studio API with https://llm.datasette.io
pkgs.python314Packages.llm-lmstudio
Plugin to use local models via LM Studio API with https://llm.datasette.io
pkgs.python312Packages.llama-index-llms-ollama
LlamaIndex LLMS Integration for ollama
pkgs.python312Packages.llama-index-llms-openai
LlamaIndex LLMS Integration for OpenAI
pkgs.python313Packages.llama-index-llms-ollama
LlamaIndex LLMS Integration for ollama
pkgs.python313Packages.llama-index-llms-openai
LlamaIndex LLMS Integration for OpenAI
pkgs.python312Packages.llama-index-llms-openai-like
LlamaIndex LLMS Integration for OpenAI like
pkgs.python313Packages.llama-index-llms-openai-like
LlamaIndex LLMS Integration for OpenAI like
pkgs.pkgsRocm.python3Packages.llama-index-llms-ollama
LlamaIndex LLMS Integration for ollama
pkgs.pkgsRocm.python3Packages.llama-index-llms-openai
LlamaIndex LLMS Integration for OpenAI
pkgs.pkgsRocm.python3Packages.llama-index-llms-openai-like
LlamaIndex LLMS Integration for OpenAI like
pkgs.python312Packages.llama-index-multi-modal-llms-openai
LlamaIndex Multi-Modal-Llms Integration for OpenAI
pkgs.python313Packages.llama-index-multi-modal-llms-openai
LlamaIndex Multi-Modal-Llms Integration for OpenAI
pkgs.pkgsRocm.python3Packages.llama-index-multi-modal-llms-openai
LlamaIndex Multi-Modal-Llms Integration for OpenAI
Package maintainers
-
@mksafavi MK Safavi <mksafavi@gmail.com>