CVE-2026-50231
Deferred - Pending Action
Unauthenticated Stored XSS in Lyrion Music Server

Publication date: 2026-06-05

Last updated on: 2026-06-05

Assigner: VulnCheck

Description
Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by crafting values that get logged such as URLs, User-Agent headers, stream titles, or player names to execute arbitrary scripts in users' browsers.
Meta Information
Published: 2026-06-05
Last Modified: 2026-06-05
Generated: 2026-06-25
AI Q&A: 2026-06-05
EPSS Evaluated: 2026-06-24
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
lyrion | music_server | 9.2.0
lyrion | music_server | to 9.2.0 (exc)
CWE ID | Description
CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

CVE-2026-50231 is an unauthenticated stored cross-site scripting (XSS) vulnerability found in Lyrion Music Server version 9.2.0 and earlier, specifically in the log viewer feature.

Attackers can exploit this vulnerability by injecting malicious scripts through unescaped template variables. They can do this via search, lines, and path query parameters or by crafting values that get logged, such as URLs, User-Agent headers, stream titles, or player names.

When exploited, this vulnerability allows arbitrary script execution in the browsers of users who view the affected logs.

Impact Analysis

This vulnerability can lead to arbitrary script execution in the browsers of users who access the log viewer in Lyrion Music Server.

Such script execution can be used by attackers to steal sensitive information, hijack user sessions, perform actions on behalf of the user, or deliver further malicious payloads.

Because the vulnerability is unauthenticated, attackers do not need to be logged in to exploit it, increasing the risk of attack.

Detection Guidance

This vulnerability can be detected by monitoring and inspecting the log viewer feature of Lyrion Music Server 9.2.0 for unescaped template variables that allow script injection.

Specifically, you can check for suspicious or malicious script payloads in the search, lines, and path query parameters, as well as in logged values such as URLs, User-Agent headers, stream titles, or player names.

To look for potential exploitation, search the server logs for script tags or JavaScript payloads. For example, using grep on log files:

  • grep -iE '<script|javascript:' /path/to/lyrion/logs/*
  • grep -iE 'onerror=|onload=' /path/to/lyrion/logs/*

Additionally, monitoring HTTP requests for suspicious query parameters containing script payloads can be done via network capture tools or web server logs.
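
Query-string values usually reach web server logs percent-encoded, so the literal grep patterns above will not match them. The following is an added example, not code from this page or from the Lyrion project: it applies the same indicators after undoing percent-encoding and HTML entities. The function names, the request path, and all sample lines are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote_plus

# Same indicators as the grep patterns above, applied after decoding.
INDICATORS = re.compile(r"<script|javascript:|onerror\s*=|onload\s*=", re.IGNORECASE)

def normalize(text, max_rounds=3):
    """Undo percent-encoding and HTML entities, repeating to catch double encoding."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote_plus(text))
        if decoded == text:
            break
        text = decoded
    return text

def scan(lines):
    """Return (line_number, indicator, raw_line) for each suspicious line."""
    hits = []
    for number, raw in enumerate(lines, start=1):
        match = INDICATORS.search(normalize(raw))
        if match:
            hits.append((number, match.group(0).lower(), raw))
    return hits

# Constructed sample lines (placeholder path, not real Lyrion log output).
SAMPLE = [
    '10.0.0.5 "GET /status.html HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 "GET /log-viewer-placeholder?search=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 "curl/8.5"',
    '10.0.0.9 "GET /log-viewer-placeholder?lines=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 "curl/8.5"',
    '10.0.0.7 "GET /index.html HTTP/1.1" 200 "<svg onload=alert(1)>"',
    'player name set to &lt;script&gt;alert(1)&lt;/script&gt;',
]

if __name__ == "__main__":
    for number, indicator, raw in scan(SAMPLE):
        print(f"line {number}: {indicator!r} in {raw}")
```

Hits are leads for review rather than proof of exploitation, since strings such as `onload=` can also appear in legitimate requests.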

Mitigation Strategies

Immediate mitigation steps include restricting access to the log viewer feature to trusted users only, as the vulnerability allows unauthenticated attackers to inject scripts.

Additionally, sanitize and validate all input parameters such as search, lines, and path query parameters, and ensure that any logged values like URLs, User-Agent headers, stream titles, or player names are properly escaped before rendering.

If possible, update or patch Lyrion Music Server to a version where this vulnerability is fixed.

As a temporary workaround, consider disabling the log viewer feature until a patch is applied.

Compliance Impact

The provided information does not specify how the CVE-2026-50231 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
