CVE-2002-0546 — Cross-site Scripting in Winamp

2 documents2 sources

Severity

7.5HIGHNVD

EPSS

1.0%

top 22.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nullsoft Winamp

Timeline

PublishedJul 3

Latest updateApr 30

Description

Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDnullsoft/winamp2.78, 2.79+1

🔴Vulnerability Details

GHSA

GHSA-h32h-w8cj-pmf9: Cross-site scripting vulnerability in the mini-browser for Winamp 2↗2022-04-30

▶