CVE-2025-46338 – Audiobookshelf Reflected Cross-Site Scripting (XSS) Vulnerability

April 29, 2025

CVE ID : CVE-2025-46338

Published : April 29, 2025, 5:15 a.m. | 1 hour, 40 minutes ago

Description : Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the `/api/upload` endpoint allows an attacker to perform a reflected cross-site scripting (XSS) attack by submitting malicious payloads in the `libraryId` field. The unsanitized input is reflected in the server’s error message, enabling arbitrary JavaScript execution in a victim’s browser. This issue has been patched in version 2.21.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46343 – n8n Stored XSS Vulnerability

Next Article CVE-2025-46330 – Snowflake libsnowflakeclient HTTP Request Retry Denial of Service

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

Summer Game Fest had a bit of a “weird” vibe this year — an extremely mixed bag of weak presentations and interesting titles

The Lenovo Legion Go 2 gets its first release date tease, which could be accurate — but treat with the biggest pinch of salt

Denmark will stick with Windows — government still plans to ditch Microsoft Office

OneDrive user locked out of “30 years worth of photos and work” without any support — calls Microsoft a “Kafkaesque black hole”

Best PHP Project for Final Year Students: Learn, Build, and get Successful with PHPGurukul

Best PHP Project for Final Year Students: Learn, Build, and get Successful with PHPGurukul

Community News: Latest PECL Releases (06.24.2025)

JSON module scripts are now Baseline Newly Available

Summer Game Fest had a bit of a “weird” vibe this year — an extremely mixed bag of weak presentations and interesting titles

Summer Game Fest had a bit of a “weird” vibe this year — an extremely mixed bag of weak presentations and interesting titles

The Lenovo Legion Go 2 gets its first release date tease, which could be accurate — but treat with the biggest pinch of salt

Denmark will stick with Windows — government still plans to ditch Microsoft Office

CVE-2025-46338 – Audiobookshelf Reflected Cross-Site Scripting (XSS) Vulnerability

Xiaomi’s Interoperability App Vulnerability Let Hackers Gain Unauthorized Access to the Victim’s Device

OPPO Clone Phone Weak WiFi Hotspot Exposes Sensitive Data

The AI Fix #48: AI Jesus, and is the AI Singularity almost upon us?

Rilasciato il Nuovo Driver NVIDIA 575.64 per GNU/Linux con Correzioni Importanti

CVE-2024-13914 – “WordPress File Manager Advanced Shortcode Local File Inclusion Vulnerability”

CVE-2025-5799 – Tenda AC8 Stack-Based Buffer Overflow Vulnerability

Redis Reintroduces Open-Source AGPL Alongside SSPL Licensing

Casper Malware: After Babar and Bunny, Another Espionage Cartoon

Are you buying the new Surface Pro 12-inch or Surface Laptop 13-inch? — Discussion 💬

Top GitHub Repositories Every CTO Should Keep an Eye On

CVE-2025-46338 – Audiobookshelf Reflected Cross-Site Scripting (XSS) Vulnerability

Related Posts