CVE-2015-8310

MEDIUM

Cherry Music <0.36.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist.

References (4)

Scores

CVSS v3 5.4
EPSS 0.0024
EPSS Percentile 46.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status published

Affected Products (3)

fomori/cherrymusic < 0.35.2
pypi/CherryMusic < 0.36.0PyPI
n/a/n/a

Timeline

Published Mar 27, 2017
Tracked Since Feb 18, 2026