Packagist (Composer) package
james-heinrich/getid3
pkg:composer/james-heinrich/getid3
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-40926 | — | >= 1.0.0, < 1.9.21 | 1.9.21 | Oct 1, 2021 | Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter. | ||
| CVE-2014-2053 | — | < 1.9.9 | 1.9.9 | Jun 4, 2014 | getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. |
- CVE-2021-40926Oct 1, 2021affected >= 1.0.0, < 1.9.21fixed 1.9.21
Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter.
- CVE-2014-2053Jun 4, 2014affected < 1.9.9fixed 1.9.9
getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.