{"id":"PYSEC-2017-100","details":"Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist.","aliases":["CVE-2015-8310","GHSA-4wcc-jv3p-prqw"],"modified":"2026-06-10T17:00:46.214515977Z","published":"2017-03-27T15:59:00Z","references":[{"type":"REPORT","url":"https://github.com/devsnd/cherrymusic/issues/598"},{"type":"FIX","url":"https://github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd651e86"},{"type":"WEB","url":"http://www.fomori.org/cherrymusic/Changes.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/97148"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-4wcc-jv3p-prqw"}],"affected":[{"package":{"name":"cherrymusic","ecosystem":"PyPI","purl":"pkg:pypi/cherrymusic"},"ranges":[{"type":"GIT","repo":"https://github.com/devsnd/cherrymusic","events":[{"introduced":"0"},{"fixed":"62dec34a1ea0741400dd6b6c660d303dcd651e86"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.36.0"}]}],"versions":["0.30.0","0.31.0","0.31.1","0.31.2","0.32.0","0.33.0","0.34.0","0.34.1","0.35.1","0.35.2","0.35.0","0.27.2","0.27.1","0.27.0","0.26.0","0.25.2","0.25.1","0.25.0","0.24.0","0.23.0","0.22.0","0.21.0","0.20.0","0.11.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/cherrymusic/PYSEC-2017-100.yaml"}}],"schema_version":"1.7.5"}