CVE-2009-1175

Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message.
Configurations

Configuration 1 (hide)

cpe:2.3:a:banshee-project:banshee:1.4.2:*:*:*:*:*:*:*

History

21 Nov 2024, 01:01

Type Values Removed Values Added
References () http://bugzilla.gnome.org/show_bug.cgi?id=577270 - () http://bugzilla.gnome.org/show_bug.cgi?id=577270 -
References () http://www.openwall.com/lists/oss-security/2009/03/30/2 - () http://www.openwall.com/lists/oss-security/2009/03/30/2 -

Information

Published : 2009-03-31 14:09

Updated : 2024-11-21 01:01


NVD link : CVE-2009-1175

Mitre link : CVE-2009-1175

CVE.ORG link : CVE-2009-1175


JSON object : View

Products Affected

banshee-project

  • banshee
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')