vendor:
Music Sharing Platform
by:
Halil Dalabasmaz
5.5
CVSS
MEDIUM
Stored XSS, Reflected XSS
79
CWE
Product Name: Music Sharing Platform
Affected Version From: v1.0.5
Affected Version To: v1.0.5
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2014
phpSound Music Sharing Platform Multiple XSS Vulnerabilities
Multiple XSS vulnerabilities exist in the phpSound Music Sharing Platform. The first vulnerability allows an attacker to execute arbitrary code by injecting a malicious payload in the 'Title' or 'Description' input fields of a playlist. The second vulnerability is a reflected XSS vulnerability in the 'filter' parameter of the explore page, allowing an attacker to execute arbitrary code. Sample payloads for both vulnerabilities are provided.
Mitigation:
To mitigate these vulnerabilities, the input fields should be properly filtered to prevent XSS attacks. Additionally, the 'filter' parameter should be filtered to prevent reflected XSS attacks.