CVE-2026-50231 in Lyrion Music Serverinfo

Summary

by MITRE • 06/05/2026

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by crafting values that get logged such as URLs, User-Agent headers, stream titles, or player names to execute arbitrary scripts in users' browsers.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

VulnCheck

Reservation

06/04/2026

Disclosure

06/05/2026

Moderation

accepted

Entry

VDB-368932

CPE

ready

CWE

CWE-79 (confirmed)

CVSS

7.2 (CNA)

EPSS

0.00000

KEV

Activities

low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-50231
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-50231
CVE Details	https://www.cvedetails.com/cve/CVE-2026-50231/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!