Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dynamic MP3 Lister 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) currentpath, (2) invert, (3) search, and (4) sort parameters.
References
Configurations
History
21 Nov 2024, 00:51
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.org/0809-exploits/dynamicmp3-xss.txt - | |
References | () http://www.securityfocus.com/bid/31151 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/45111 - |
Information
Published : 2008-09-23 15:25
Updated : 2024-11-21 00:51
NVD link : CVE-2008-4174
Mitre link : CVE-2008-4174
CVE.ORG link : CVE-2008-4174
JSON object : View
Products Affected
benjamin_kuz
- dynamic_mp3_lister
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')