Cross-Site Scripting Vulnerabilities in phpSound Music Sharing Platform
CVE-2014-8954

Currently unrated

Key Information:

Vendor: Codecanyon

Status
Vendor
CVE Published: 17 November 2014

Badges

👾 Exploit Exists, 🟡 Public PoC

What is CVE-2014-8954?

The phpSound music sharing platform version 1.0.5 contains multiple cross-site scripting (XSS) vulnerabilities that could allow remote attackers to inject arbitrary web scripts or HTML into the application. These vulnerabilities are found in the Title or Description fields within a playlist, as well as in the filter parameter used in explore actions handled by index.php. Successful exploitation could compromise the integrity of the web application, leading to unauthorized access and data theft.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
