DEBIAN-CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

CVE-2026-49130 Music Player Daemon < 0.24.11 CRLF Injection via XspfPlaylistPlugin.cxx

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

CVE-2026-49130

MPD (Music Player Daemon) prior to version 0.24.11 is affected by a CRLF injection vulnerability in the XSPF playlist plugin’s xspf_char_data function. By supplying a malicious XSPF playlist that exploits XML numeric character references, an attacker can cause Expat decoding to insert literal CR/...

WordPress plugin LambertGroup AllInOne Banner with Playlist SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...

CVE-2023-48767 WordPress MyTube PlayList Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Raghu Goriya MyTube PlayList allows Reflected XSS.This issue affects MyTube PlayList: from n/a through 2.0.3...

CVE-2023-45049

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Ciprian Popescu YouTube Playlist Player plugin = 4.6.7 versions...

Cross site request forgery (csrf)

A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched...

WordPress HTML5 Video Player with Playlist plugin Multiple XSS Vulnerabilities

WordPress HTML5 Video Player with Playlist Plugin is prone to multiple cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVE-2014-4534

Multiple cross-site scripting XSS vulnerabilities in videoplayer/autoplay.php in the HTML5 Video Player with Playlist plugin 2.4.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 theme or 2 playlistmod parameter...

CVE-2014-4534

The CVE-2014-4534 entry covers multiple XSS vulnerabilities in the WordPress plugin “HTML5 Video Player with Playlist” (versions up to and including 2.4.0). Vulnerable component: videoplayer/autoplay.php; attacker can inject arbitrary script/HTML via the (1) theme or (2) playlistmod parameter. Im...