Which versions of Lyrion Music Server are affected by EUVD-2026-34830?

Lyrion Music Server 9.2.0 contains a stored cross-site scripting (XSS) vulnerability allowing unauthenticated attackers to inject persistent JavaScript into the log viewer, affecting all…

How to fix or mitigate EUVD-2026-34830?

Within 24 hours: Identify all systems running Lyrion Music Server 9.2.0, confirm whether the log viewer is accessible from untrusted networks, and document current access controls. Within 7 days: Restrict log viewer access to authenticated users only and implement IP-based allowlisting for trusted administrative networks; deploy WAF rules to filter XSS patterns in query parameters (search, lines, path). Within 30 days: Contact the vendor for patched version timeline and availability; prepare and test an upgrade procedure for immediate deployment upon patch release, or evaluate alternative solutions if the vendor's patch timeline exceeds organizational risk tolerance.

Lyrion Music Server EUVD-2026-34830

Q: What is the CVSS score of EUVD-2026-34830?

EUVD-2026-34830 has a CVSS 4.0 base score of 5.1 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-50231 MEDIUM

Cross-site Scripting (XSS) (CWE-79)

2026-06-05 VulnCheck

GHSA-4hhv-5h2w-9qm2

XSS Lyrion Music Server

5.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.1 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Scope

Lifecycle Timeline

Severity Changed

Jun 05, 2026 - 14:22 NVD

HIGH MEDIUM

CVSS changed

Jun 05, 2026 - 14:22 NVD

7.2 (HIGH) 5.1 (MEDIUM)

Analysis Generated

Jun 05, 2026 - 14:16 vuln.today

DescriptionCVE.org

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by crafting values that get logged such as URLs, User-Agent headers, stream titles, or player names to execute arbitrary scripts in users' browsers.

AnalysisAI

Stored cross-site scripting in Lyrion Music Server 9.2.0's log viewer allows unauthenticated remote attackers to inject persistent JavaScript via unescaped template variables, executing arbitrary scripts in the browsers of administrators or other users who view the logs. Injection vectors include the search, lines, and path query parameters as well as indirect channels such as URLs, User-Agent headers, stream titles, and player names that get written to the server log. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: Identify all systems running Lyrion Music Server 9.2.0, confirm whether the log viewer is accessible from untrusted networks, and document current access controls. …

Threat intelligence, references, and detailed analysis are available after sign-in.

EUVD-2026-34830 vulnerability details – vuln.today

Back