CVE-2026-42887 - Audiobookshelf: Stored Cross-Site Scripting in Login Page Custom Message
CVE ID :CVE-2026-42887 Published : May 11, 2026, 8:25 p.m. | 40 minutes ago Description :Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting (XSS) vulnerability exists in the Login Page due to improper sanitization of the authLoginCustom
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Simandou ships record quantity of iron ore, swelling Chinese stocks
- [CYBER] Anthropic's Bug-Hunting Mythos Was Greatest Marketing Stunt Ever, Says cURL Creator
- [CYBER] CVE-2026-43874 - WWBN AVideo: Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User JavaScript Execution via `$msg['json']` Relay Bypass
- [CYBER] CVE-2026-8321 - inkeep agents runAuth Middleware runAuth.ts createDevContext authentication bypass
- [CYBER] CVE-2026-8320 - jishenghua jshERP updatePlatformConfigByKey Endpoint UserService.java getUserByWeixinCode server-side request forgery
- [CYBER] CVE-2026-8319 - aiwaves-cn agents cheshire_cat_core stray_cat.py recall_relevant_memories_to_working_memory resource consumption