Cherrymusic

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2015-8310	Fomori Cherrymusic	Med	0.28	5.4	0.00		Mar 27, 2017	Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist.
CVE-2015-8309	Cherry Music Cherry Music	Med	0.24	4.3	0.07		Mar 27, 2017	Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."

CVE-2015-8310MedMar 27, 2017
Fomori
Cherrymusic
risk 0.28cvss 5.4epss 0.00
Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist.
CVE-2015-8309MedMar 27, 2017
Cherry Music
Cherry Music
risk 0.24cvss 4.3epss 0.07
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."