Vulnerabilities > Emby > Emby > 3.0.5970

DATE CVE VULNERABILITY TITLE RISK
2023-06-28 CVE-2021-25827 Authentication Bypass by Spoofing vulnerability in Emby
Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address.
network
low complexity
emby CWE-290
critical
 9.8
9.8
2023-06-28 CVE-2021-25828 Cross-site Scripting vulnerability in Emby
Emby Server versions < 4.6.0.50 is vulnerable to Cross Site Scripting (XSS) vulnerability via a crafted GET request to /web.
network
low complexity
emby CWE-79
6.1
6.1
2020-10-10 CVE-2020-26948 Server-Side Request Forgery (SSRF) vulnerability in Emby
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.
network
low complexity
emby CWE-918
critical
 9.8
9.8