PYSEC-2017-100

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/cherrymusic/PYSEC-2017-100.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2017-100

Aliases

CVE-2015-8310
GHSA-4wcc-jv3p-prqw

Published

2017-03-27T15:59:00Z

Modified

2026-06-10T17:00:46.214515977Z

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist.

References

Affected packages

PyPI / cherrymusic

Package

Name: cherrymusic; View open source insights on deps.dev
Purl: pkg:pypi/cherrymusic

Affected ranges

Type: GIT
Repo: https://github.com/devsnd/cherrymusic
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

62dec34a1ea0741400dd6b6c660d303dcd651e86

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.36.0

Affected versions

0.*

0.11.0

0.20.0

0.21.0

0.22.0

0.23.0

0.24.0

0.25.0

0.25.1

0.25.2

0.26.0

0.27.0

0.27.1

0.27.2

0.30.0

0.31.0

0.31.1

0.31.2

0.32.0

0.33.0

0.34.0

0.34.1

0.35.0

0.35.1

0.35.2

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/cherrymusic/PYSEC-2017-100.yaml"