Emby MediaServer version 3.2.5 suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the URL path filename when handling 'not found' errors. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
413c8dd70f63ee4e8e53a5a298b2725274507fae9766167efcdfb6194cb86cac