{"id":60216,"date":"2026-06-05T13:46:43","date_gmt":"2026-06-05T13:46:43","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=60216"},"modified":"2026-06-05T13:46:43","modified_gmt":"2026-06-05T13:46:43","slug":"lyrion-music-server-920-serverlog-persistent-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=60216","title":{"rendered":"\ud83d\udcc4 Lyrion Music Server 9.2.0 server.log Persistent Cross Site Scripting_PACKETSTORM:222804"},"content":{"rendered":"

{“lastseen”:”2026-06-05T18:16:07″,”description”:”The log viewer in Lyrion Music Server version 9.2.0 reflects request parameters and raw log content into HTML with no escaping. Any attacker-provided value that gets logged a crafted URL, User-Agent, stream title, player name becomes persistent cross…”,”published”:”2026-06-05T00:00:00″,”modified”:”2026-06-05T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Lyrion Music Server 9.2.0 server.log Persistent Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:222804″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-50231″],”sourceData”:”Lyrion Music Server 9.2.0 (server.log) Unauthenticated Stored XSS\\n \\n \\n Vendor: LMS Community\\n Product web page: https:\/\/www.lyrion.org\\n Affected version 9.2.0\\n \\n Summary: Lyrion Music Server (formerly Logitech Media Server, and\\n often abbreviated as \\”LMS\\” ) is open-source software which can control\\n and serve (stream) music to a wide range of physical and virtual audio\\n players called Squeezeboxes. Lyrion Music Server can stream your local\\n music collection, internet radio stations, and content from many streaming\\n services (with and without subscriptions).\\n \\n Desc: The log viewer reflects request parameters and raw log content into\\n HTML with no escaping. Template Toolkit has no global auto-escaping so any\\n [% var %] without an explicit | html filter is an injection point. The search,\\n lines and path query parameters are reflected directly, and log lines are\\n emitted as raw HTML. Any attacker-provided value that gets logged (a crafted\\n URL, User-Agent, stream title, player name) becomes stored XSS.\\n \\n ============================================================================\\n \/HTML\/EN\/log.html\\n ——————-\\n 85: \\u003cinput type=\\”text\\” name=\\”search\\” id=\\”search\\” value=\\”[% search %]\\” …\\u003e\\n 98: \\u003cspan\\u003e\\u003ca href=\\”\/[% path %]?zip=1\\”\\u003e[% \\”DOWNLOAD\\” | string %]\\u003c\/a\\u003e\\u003c\/span\\u003e\\n 100: \\u003cinput type=\\”hidden\\” name=\\”lines\\” id=\\”lines\\” value=\\”[% lines %]\\”\\u003e\\u003c\/input\\u003e\\n 103: \\u003cpre\\u003e[% logLines %]\\u003c\/pre\\u003e\\n \\n \\n \/Slim\/Web\/Pages\/Common.pm (logFile)\\n ————————————\\n 508: my $search = $params-\\u003e{search};\\n … $line = \\”\\u003cspan style=\\\\\\”color:red\\\\\\”\\u003e$line\\u003c\/span\\u003e\\” if …;\\n 549: return Slim::Web::HTTP::filltemplatefile(\\”log.html\\”, $params);\\n ============================================================================\\n \\n Tested on: Windows 10 (64-bit) – EN\\n Lyrion Music Server (9.2.0 – 1779973211)\\n Perl\/5.32.1\\n SQLite\\n \\n \\n Vulnerability discovered by Gjoko ‘LiquidWorm’ Krstic\\n @zeroscience\\n \\n \\n Advisory ID: ZSL-2026-5989\\n Advisory URL: https:\/\/www.zeroscience.mk\/#\/advisories\/ZSL-2026-5989\\n CVE ID: CVE-2026-50231\\n CVE URL: https:\/\/www.cve.org\/CVERecord?id=CVE-2026-50231\\n \\n \\n 27.05.2026\\n \\n –\\n \\n \\n http:\/\/localhost:9000\/imageproxy\/file:\/\/\/\/Zero%20Science%20Lab%20is%3Cscript%3Econfirm(%22Awesome!%22)%3C\/script%3E\\n \\n Viewing log at http:\/\/localhost:9000\/server.log:\\n …\\n …\\n [26-05-29 14:32:44.5987] Slim::Web::ImageProxy::__ANON__ (376) Artwork resize for imageproxy\/file:\/\/\/\/Zero Science Lab is failed\\n …”,”sourceHref”:”https:\/\/packetstorm.news\/download\/222804″,”cvss”:{“score”:7.2,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:L\/I:L\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/222804\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-06-05T18:16:07″,”description”:”The log viewer in Lyrion Music Server version 9.2.0 reflects request parameters and raw log content into HTML with no escaping. Any attacker-provided value that…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,39,12,15,13,53,7,11,5],"class_list":["post-60216","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-72","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Lyrion Music Server 9.2.0 server.log Persistent Cross Site Scripting_PACKETSTORM:222804 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=60216\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Lyrion Music Server 9.2.0 server.log Persistent Cross Site Scripting_PACKETSTORM:222804 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-06-05T18:16:07″,”description”:”The log viewer in Lyrion Music Server version 9.2.0 reflects request parameters and raw log content into HTML with no escaping. Any attacker-provided value that...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=60216\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-05T13:46:43+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=60216#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=60216\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Lyrion Music Server 9.2.0 server.log Persistent Cross Site Scripting_PACKETSTORM:222804\",\"datePublished\":\"2026-06-05T13:46:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=60216\"},\"wordCount\":562,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.2\",\"exploit\",\"HIGH\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=60216#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=60216\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=60216\",\"name\":\"\ud83d\udcc4 Lyrion Music Server 9.2.0 server.log Persistent Cross Site Scripting_PACKETSTORM:222804 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-06-05T13:46:43+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=60216#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=60216\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=60216#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Lyrion Music Server 9.2.0 server.log Persistent Cross Site Scripting_PACKETSTORM:222804\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Lyrion Music Server 9.2.0 server.log Persistent Cross Site Scripting_PACKETSTORM:222804 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=60216","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Lyrion Music Server 9.2.0 server.log Persistent Cross Site Scripting_PACKETSTORM:222804 - zero redgem","og_description":"{“lastseen”:”2026-06-05T18:16:07″,”description”:”The log viewer in Lyrion Music Server version 9.2.0 reflects request parameters and raw log content into HTML with no escaping. Any attacker-provided value that...","og_url":"https:\/\/zero.redgem.net\/?p=60216","og_site_name":"zero redgem","article_published_time":"2026-06-05T13:46:43+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=60216#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=60216"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Lyrion Music Server 9.2.0 server.log Persistent Cross Site Scripting_PACKETSTORM:222804","datePublished":"2026-06-05T13:46:43+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=60216"},"wordCount":562,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.2","exploit","HIGH","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=60216#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=60216","url":"https:\/\/zero.redgem.net\/?p=60216","name":"\ud83d\udcc4 Lyrion Music Server 9.2.0 server.log Persistent Cross Site Scripting_PACKETSTORM:222804 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-06-05T13:46:43+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=60216#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=60216"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=60216#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Lyrion Music Server 9.2.0 server.log Persistent Cross Site Scripting_PACKETSTORM:222804"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/60216","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=60216"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/60216\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=60216"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=60216"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=60216"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}