julmud phpDVDProfiler Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in julmud/phpDVDProfiler, affecting versions from v_20230807 up to, but not including, v_20250511. The search function does not sanitize or HTML-encode the user-supplied search term before placing it into the page, so an attacker can inject arbitrary markup and script. Both the gallery view and the main screen are affected, since both expose the search function.

Impact

An attacker who can get a victim to submit a crafted search term has script executed in the victim's browser within the origin of the phpDVDProfiler site, with access to that page's DOM and the ability to perform actions with the victim's session.

Reproduction

To reproduce, open the search function in either the gallery or the main screen and submit a search term containing raw HTML, for example a script tag followed by an image tag with an onerror handler (the image source fails to load, so the handler runs). Because the term is echoed into the page without encoding, the browser executes the injected script. The image-tag half of the payload is useful as a control: an onerror handler still fires in contexts where a bare script tag would not run, such as markup inserted via innerHTML.

Remediation

Users should upgrade to version v_20250511, which includes a patch for this vulnerability.
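The following standalone PHP script is an added illustration of the pattern described in the Reproduction and Remediation sections above; it is not code from the phpDVDProfiler project, whose actual search handler, function names and page layout are not shown here and are assumptions. It renders the script-plus-image payload from the reproduction (a constructed sample) through an unencoded search page and through a page that HTML-encodes every untrusted value, and then runs a simple check for executable markup on both results:

```php
<?php
// Added illustration, not phpDVDProfiler code. Function names, the search
// parameter name and the page layout are assumptions; only the bug class
// (search term echoed into the page without encoding) comes from the advisory.

declare(strict_types=1);

// Constructed payload of the kind the advisory describes: a script tag
// followed by an image tag whose error handler runs attacker script.
const SAMPLE_PAYLOAD = '<script>alert(1)</script><img src=x onerror=alert(document.domain)>';

// Constructed catalogue entries standing in for DVD titles.
const CATALOGUE = ['The Matrix', 'Alien', 'Alien <3 Ripley'];

// Case-insensitive substring match; an empty term returns everything.
function matchTitles(string $term, array $catalogue): array
{
    return array_values(array_filter(
        $catalogue,
        fn(string $t): bool => $term === '' || stripos($t, $term) !== false
    ));
}

// Vulnerable pattern: the raw search term (and raw catalogue data) is
// concatenated into the HTML in both an attribute and a text context.
function renderSearchVulnerable(string $term, array $catalogue): string
{
    $out  = '<form><input name="search" value="' . $term . '"></form>' . "\n";
    $out .= '<p>Results for: ' . $term . '</p>' . "\n";
    foreach (matchTitles($term, $catalogue) as $t) {
        $out .= '<div class="title">' . $t . '</div>' . "\n";
    }
    return $out;
}

// Hardened pattern: encode every untrusted value at the point it is written.
// ENT_QUOTES covers the attribute context; ENT_SUBSTITUTE avoids returning
// an empty string on invalid UTF-8, which would silently drop the term.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

function renderSearchHardened(string $term, array $catalogue): string
{
    $out  = '<form><input name="search" value="' . h($term) . '"></form>' . "\n";
    $out .= '<p>Results for: ' . h($term) . '</p>' . "\n";
    foreach (matchTitles($term, $catalogue) as $t) {
        $out .= '<div class="title">' . h($t) . '</div>' . "\n";
    }
    return $out;
}

// Rough check for live markup: a literal <script> tag, or a literal <img>
// tag carrying an onerror handler. Encoded output contains neither, because
// the opening "<" has become "&lt;".
function containsActiveMarkup(string $html): bool
{
    return preg_match('/<script\b|<img\b[^>]*\bonerror\s*=/i', $html) === 1;
}

// In the CLI $_GET is empty, so the constructed payload is used; when served
// by a web server, ?search=... drives both renderers instead.
$term = $_GET['search'] ?? SAMPLE_PAYLOAD;

$vulnerable = renderSearchVulnerable($term, CATALOGUE);
$hardened   = renderSearchHardened($term, CATALOGUE);

echo "--- vulnerable ---\n", $vulnerable;
echo "--- hardened ---\n", $hardened;
printf("vulnerable output contains active markup: %s\n", containsActiveMarkup($vulnerable) ? 'yes' : 'no');
printf("hardened output contains active markup:   %s\n", containsActiveMarkup($hardened) ? 'yes' : 'no');
```

Run it with `php search_xss_demo.php` (or serve it and append `?search=` with the payload). The point of the catalogue entry containing a literal `<3` is that encoding belongs at the output stage for every value, not just the search term: data already stored in the catalogue can carry markup as well, and a fix that only filters the incoming search parameter leaves that path open.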

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 7.7
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.