CVE-2026-50231
Unauthenticated Stored XSS in Lyrion Music Server
Publication date: 2026-06-05
Last updated on: 2026-06-05
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lyrion | music_server | 9.2.0 |
| lyrion | music_server | up to 9.2.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the CVE-2026-50231 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-50231 is an unauthenticated stored cross-site scripting (XSS) vulnerability found in Lyrion Music Server version 9.2.0 and earlier, specifically in the log viewer feature.
Attackers can exploit this vulnerability by injecting malicious scripts through unescaped template variables, either directly via the search, lines, and path query parameters of the log viewer, or indirectly by crafting values that end up in the logs, such as URLs, User-Agent headers, stream titles, or player names.
When exploited, this vulnerability allows arbitrary script execution in the browsers of users who view the affected logs.
How can this vulnerability impact me?
This vulnerability can lead to arbitrary script execution in the browsers of users who access the log viewer in Lyrion Music Server.
Such script execution can be used by attackers to steal sensitive information, hijack user sessions, perform actions on behalf of the user, or deliver further malicious payloads.
Because the vulnerability is unauthenticated, attackers do not need to be logged in to exploit it, increasing the risk of attack.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and inspecting the log viewer feature of Lyrion Music Server 9.2.0 and earlier for unescaped template variables that allow script injection.
Specifically, you can check for suspicious or malicious script payloads in the search, lines, and path query parameters, as well as in logged values such as URLs, User-Agent headers, stream titles, or player names.
Commands to detect potential exploitation might include searching server logs for suspicious script tags or JavaScript payloads. For example, using grep on log files:
- grep -iE '<script|javascript:' /path/to/lyrion/logs/*
- grep -iE 'onerror=|onload=' /path/to/lyrion/logs/*
Additionally, monitoring HTTP requests for suspicious query parameters containing script payloads can be done via network capture tools or web server logs.
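The grep patterns above only catch literal tags in files. The following added example (not code from the advisory, the Lyrion project, or this page's author) generalizes the same check into a small Python detector that decodes percent-encoding before matching, inspects only the search, lines, and path query parameters named in the advisory on access-log request lines, and separately flags server-log lines whose logged fields (player name, stream title, User-Agent) carry script indicators. The access-log format, the server-log line layout, and all sample lines are constructed for the example and do not reproduce the server's real log format; the indicator list is a starting point, not a complete catalogue.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Indicators mirroring the grep patterns above, extended with a few common
# event-handler and tag forms. Matching is case-insensitive.
INDICATORS = re.compile(
    r"<\s*script|javascript\s*:|on(?:error|load|mouseover|focus)\s*=|<\s*(?:img|svg|iframe)\b",
    re.IGNORECASE,
)

# Query parameters the advisory names as reaching the log viewer template unescaped.
WATCHED_PARAMS = ("search", "lines", "path")


def decode(value: str) -> str:
    """Undo percent-encoding twice so a double-encoded payload is still matched.
    (unquote_plus also turns '+' into a space, which is fine for detection.)"""
    return unquote_plus(unquote_plus(value))


def scan_request_line(line: str):
    """Inspect one access-log line; return (param, decoded value) for each watched
    parameter whose value carries an indicator. Non-request lines yield []."""
    m = re.search(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"', line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    hits = []
    # parse_qs already decodes once; decode() handles a second layer.
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for v in values:
            d = decode(v)
            if INDICATORS.search(d):
                hits.append((name, d))
    return hits


def scan_logged_value(line: str) -> bool:
    """Flag a server-log line whose logged text (player name, stream title,
    User-Agent, URL) carries an indicator."""
    return bool(INDICATORS.search(decode(line)))


# Constructed sample access-log lines (Combined Log Format), not real traffic.
SAMPLE_ACCESS_LOG = [
    '192.0.2.10 - - [05/Jun/2026:10:00:00 +0000] "GET /log.html?search=%3Cscript%3Ealert(1)%3C%2Fscript%3E&lines=50 HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [05/Jun/2026:10:00:05 +0000] "GET /log.html?search=error&lines=100 HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [05/Jun/2026:10:00:09 +0000] "GET /log.html?path=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
]

# Constructed sample server-log lines; the layout is invented for this example.
SAMPLE_SERVER_LOG = [
    '[26-06-05 10:00:07] INFO player connected name="<svg onload=alert(1)>"',
    '[26-06-05 10:00:09] INFO stream title="Evening Jazz"',
    '[26-06-05 10:00:12] INFO request User-Agent="Mozilla/5.0 javascript:void(0)"',
]


def run(access_lines, server_lines):
    """Return a list of findings: ('query', param, value) or ('logged', None, line)."""
    findings = []
    for ln in access_lines:
        for name, val in scan_request_line(ln):
            findings.append(("query", name, val))
    for ln in server_lines:
        if scan_logged_value(ln):
            findings.append(("logged", None, ln))
    return findings


if __name__ == "__main__":
    for kind, name, val in run(SAMPLE_ACCESS_LOG, SAMPLE_SERVER_LOG):
        print(f"{kind:6} {name or '-':7} {val}")
```

Run it over your own access log and server log by replacing the two sample lists; a hit on a watched parameter is an attempt, while a hit in a logged value means a payload is already stored and will be rendered to the next person who opens the log viewer.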
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the log viewer feature to trusted users only, as the vulnerability allows unauthenticated attackers to inject scripts.
Additionally, sanitize and validate all input parameters such as search, lines, and path query parameters, and ensure that any logged values like URLs, User-Agent headers, stream titles, or player names are properly escaped before rendering.
If possible, update or patch Lyrion Music Server to a version where this vulnerability is fixed.
As a temporary workaround, consider disabling the log viewer feature until a patch is applied.
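To make the escaping and validation advice concrete, here is an added example (written for this page, not Lyrion's own template or code) of a toy log-viewer renderer in Python. The "before" function interpolates the raw search, lines, and path values and raw log text into HTML, which is the class of defect the advisory describes; the hardened function validates lines as a bounded integer, restricts path to an allowlist of log names (the names are constructed for the example), escapes every untrusted value for its HTML context before interpolation, and only then adds its own trusted markup for search-term highlighting. The page template and the sample log lines are constructed.

```python
import html
import re

# Constructed stand-in for a log-viewer page template; this is NOT Lyrion's template.
PAGE = (
    '<form><input name="search" value="{search}">'
    '<input name="lines" value="{lines}"></form>\n'
    "<p>Showing last {lines} lines of {path}</p>\n"
    "<pre>{body}</pre>"
)

# Constructed allowlist of log file names the viewer may show.
ALLOWED_LOGS = {"server.log", "scanner.log"}


class BadRequest(ValueError):
    """Raised when a query parameter fails validation."""


def render_unsafe(search, lines, path, log_lines):
    """'Before' form: raw query values and raw log text go straight into the page."""
    return PAGE.format(search=search, lines=lines, path=path, body="\n".join(log_lines))


def validate_lines(lines: str) -> int:
    """Accept only a small positive integer; rejects anything that is not digits."""
    if not re.fullmatch(r"\d{1,5}", lines) or not (1 <= int(lines) <= 10000):
        raise BadRequest("lines must be an integer between 1 and 10000")
    return int(lines)


def validate_path(path: str) -> str:
    """Accept only a known log name, so the value is never an arbitrary string."""
    if path not in ALLOWED_LOGS:
        raise BadRequest("unknown log file")
    return path


def esc(value: str) -> str:
    """Escape for HTML text AND attribute context (quote=True escapes ' and \")."""
    return html.escape(value, quote=True)


def highlight(escaped_line: str, search: str) -> str:
    """Wrap matches of the search term in <mark>. Both sides are escaped the same
    way, so the match is done on already-neutralized text and the only raw markup
    inserted is the trusted <mark> tag."""
    if not search:
        return escaped_line
    needle = esc(search)
    return escaped_line.replace(needle, f"<mark>{needle}</mark>")


def render_safe(search, lines, path, log_lines):
    """Hardened form: validate, escape every untrusted value, then interpolate."""
    n = validate_lines(lines)
    p = validate_path(path)
    body = "\n".join(highlight(esc(line), search) for line in log_lines[-n:])
    return PAGE.format(search=esc(search), lines=n, path=esc(p), body=body)


# Constructed log lines; the first carries a stored payload in a player name.
SAMPLE_LOGS = [
    'INFO player connected name="<svg onload=alert(1)>"',
    'INFO stream title="Evening Jazz"',
]

if __name__ == "__main__":
    payload = '"><script>alert(1)</script>'
    print("--- unsafe ---")
    print(render_unsafe(payload, "50", "server.log", SAMPLE_LOGS))
    print("--- safe ---")
    print(render_safe(payload, "50", "server.log", SAMPLE_LOGS))
```

The ordering in render_safe is the point: escaping happens once, at the moment each untrusted value is placed into the page, and any markup the viewer itself wants to add (the highlight) is built on top of the already-escaped text. Escaping on the way into the log instead would leave every other consumer of the log reading mangled data, and would still miss values that reach the template directly from the query string.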