Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.
Max CVSS
4.3
EPSS Score
0.34%
Published
2008-08-10
Updated
2017-09-29
Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Max CVSS
7.5
EPSS Score
0.45%
Published
2008-08-01
Updated
2018-11-01
2 vulnerabilities found