Cross-Site Scripting Vulnerabilities in phpSound Music Sharing Platform
CVE-2014-8954

Currently unrated

Key Information:

Vendor

Codecanyon

Status
PHPsound
Vendor
CVE Published:
17 November 2014

What is CVE-2014-8954?

The phpSound music sharing platform version 1.0.5 contains multiple cross-site scripting (XSS) vulnerabilities that could allow remote attackers to inject arbitrary web scripts or HTML into the application. These vulnerabilities are found in the Title or Description fields within a playlist, as well as in the filter parameter used in explore actions handled by index.php. Successful exploitation could compromise the integrity of the web application, leading to unauthorized access and data theft.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/71172
vdb-entryx_refsource_BID
http://www.exploit-db.com/exploits/35198
exploitx_refsource_EXPLOIT-DB
http://packetstormsecurity.com/files/129104/phpSound-Musi...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.