VULHUB ™

A cross site scripting vulnerability has been reported for WinAmp. Reportedly, WinAmp does not properly sanitize user supplied input before being included when generating HTML playlists. It is possible for an attacker to include malicious HTML code using certain fields of the ID3v2 file tags. Injected script code may execute within the context of the local system.

A cross site scripting vulnerability has been reported for WinAmp. Reportedly, WinAmp does not properly sanitize user supplied input before being included when generating HTML playlists. It is possible for an attacker to include malicious HTML code using certain fields of the ID3v2 file tags. Injected script code may execute within the context of the local system.