Team Johnlong RaidenTunes 2.1.1 Remote Cross-Site Scripting Vulnerability

RaidenTunes 2.1.1 suffers from a Cross-Site Scripting (XSS) vulnerability caused by improper validation of user-supplied input by the music_out.php script thru “p” param. A remote attacker could exploit this vulnerability to execute script in a victim’s Web browser within the security context of the hosting Web site, allowing the attacker to steal the victim’s cookie-based authentication credentials.

Details: http://www.zeroscience.mk/mk/vulnerabilities/ZSL-2010-4947.php

Vendor: http://forum.raidenftpd.com/showflat.php?Cat=&Board=mp3&Number=51265&page=0&view=collapsed&sb=5&o=0&fpart=

Comment are closed.