CVE-2014-8954

Name of the Vulnerable Software and Affected Versions phpSound version 1.0.5

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific fields, including the Title or Description fields in a playlist, or the filter parameter in an explore action to "index.php".

Recommendations For phpSound version 1.0.5, consider restricting user input for the Title and Description fields in playlists and the filter parameter in explore actions to prevent arbitrary web script or HTML injection until a patch is available. As a temporary workaround, disabling the ability to input HTML in these fields can help mitigate the risk.