PatchSiren cyber security CVE debrief
CVE-2026-50230 LMS Community CVE debrief
CVE-2026-50230 is a MEDIUM severity vulnerability in Lyrion Music Server 9.2.0. The vulnerability is an unauthenticated reflected cross-site scripting (XSS) issue in the server.log endpoint. Attackers can inject arbitrary HTML and JavaScript code through the search parameter, allowing them to execute code in users' browsers within the context of the affected application.
- Vendor: LMS Community
- Product: Lyrion Music Server
- CVSS: MEDIUM 5.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-05
- Original CVE updated: 2026-06-05
- Advisory published: 2026-06-05
- Advisory updated: 2026-06-05
Who should care
Users of Lyrion Music Server 9.2.0 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 5.1 and is classified as MEDIUM severity. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates to Lyrion Music Server 9.2.0 as soon as they are available.
- Use a web application firewall (WAF) to detect and prevent XSS attacks.
- Validate and sanitize user input to prevent injection of malicious code.
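The detection side of the actions above, as an added example (not code from the advisory or from the Lyrion project): it scans access log lines for requests to a path ending in `server.log` whose `search` parameter decodes to HTML or script markup. The combined-style log format, the `/server.log` path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Markup indicators: a tag opening, an inline event handler, or a javascript: URI.
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z!]|\bon\w+\s*=|javascript\s*:", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (assumed reverse-proxy access log format).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jun/2026:14:20:01 +0000] "GET /server.log?search=timeout HTTP/1.1" 200 5120',
    '192.0.2.44 - - [05/Jun/2026:14:21:17 +0000] "GET /server.log?search=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301',
    '192.0.2.44 - - [05/Jun/2026:14:21:40 +0000] "GET /server.log?search=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 5300',
    '192.0.2.10 - - [05/Jun/2026:14:22:03 +0000] "GET /index.html?search=%3Cb%3E HTTP/1.1" 200 812',
]

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (bounded) so double-encoded markup is visible."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_search(line):
    """Return the decoded `search` value if the request targets a path ending in
    server.log and that value contains markup; otherwise return None."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("server.log"):
        return None
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key == "search":
            value = decode_fully(value)  # parse_qsl already decoded one layer
            if MARKUP.search(value):
                return value
    return None

def scan(lines):
    """Return (1-based line number, decoded search value) for each flagged line."""
    hits = ((n, suspicious_search(line)) for n, line in enumerate(lines, 1))
    return [(n, value) for n, value in hits if value is not None]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: markup in search parameter: {value!r}")
```

A hit only shows that markup was sent to the endpoint; whether it was reflected unescaped depends on the server version handling the request.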
Evidence notes
The vulnerability was reported by VulnCheck and Zero Science Lab.
Official resources
CVE-2026-50230 was published on 2026-06-05T14:16:36.010Z and modified on 2026-06-05T14:59:31.207Z.