PT-2025-20691 · Unknown+1 · Julmud/Phpdvdprofiler+1
Julmud · Published 2025-05-12 · Updated 2025-06-10 · CVE-2025-46729
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions
julmud/phpDVDProfiler versions v 20230807 through v 20250510
Description
The issue concerns cross-site scripting in the search function of the software. This allows for potential malicious script execution when a user interacts with the search functionality. The software is used to display DVD collections on the web, maintained with Invelos's DVDProfiler software.
Recommendations
For versions v 20230807 through v 20250510, update to version v 20250511 or later, as it contains a patch for the issue. As a temporary workaround, consider restricting access to the search function until the update can be applied.
Exploit
Fix
XSS
Affected Products
Dvdprofiler
Julmud/Phpdvdprofiler