You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thank you very much for checking CM for security vulnerabilities! I have fixed them in the devel branch and will now release a new version.
To all the CM users listening in: The two vulnerabilities found by feedersec could only be exploited by logged-in users. However, especially in the case that you are running CM as root (which you should not!) one of the vulnerabilities could lead to the compromise of your server. I'll release a new version now, please make sure to update as soon as possible.
Many thanks again @feedersec, please contact me again if you find anything in the future!
Persistent XSS vulnerability in the 'playlistname' field allows the insertion of javascript into this field when creating a new playlist. ref: CVE-2015-8310
Hi, Could you please get in touch with me to discuss 2 vulnerabilities I've discovered in cherrymusic. feedersec [at] gmail [dot] com. Thanks.
The text was updated successfully, but these errors were encountered: