CVE-2015-8310

Name of the Vulnerable Software and Affected Versions Cherry Music versions prior to 0.36.0

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist.

Recommendations For versions prior to 0.36.0, update to version 0.36.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the playlist creation feature to minimize the risk of exploitation. Avoid using the playlistname field in a way that could allow arbitrary web script or HTML injection until the issue is resolved.