PYSEC-2017-100

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/cherrymusic/PYSEC-2017-100.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2017-100
Aliases
Published
2017-03-27T15:59:00Z
Modified
2024-04-29T17:12:07.948667Z
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist.

References

Affected packages

PyPI / cherrymusic

Package

Name
cherrymusic
View open source insights on deps.dev
Purl
pkg:pypi/cherrymusic

Affected ranges

Type
GIT
Repo
https://github.com/devsnd/cherrymusic
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
62dec34a1ea0741400dd6b6c660d303dcd651e86
Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.36.0

Affected versions

0.*

0.30.0
0.31.0
0.31.1
0.31.2
0.32.0
0.33.0
0.34.0
0.34.1
0.35.1
0.35.2