MidnightBSD

Advisories for getid3

CVE-2014-2053 HIGH

getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
owncloud owncloud 5.0.2
getid3 getid3 1.9.4
owncloud owncloud 5.0.14
owncloud owncloud *
owncloud owncloud 5.0.7
owncloud owncloud 5.0.6
owncloud owncloud 5.0.5
getid3 getid3 1.9.3
getid3 getid3 *
owncloud owncloud 5.0.0
owncloud owncloud 5.0.8
owncloud owncloud 5.0.13
owncloud owncloud 5.0.9
owncloud owncloud 5.0.3
getid3 getid3 1.9.1
getid3 getid3 1.9.2
owncloud owncloud 5.0.1
owncloud owncloud 5.0.11
getid3 getid3 1.9.6
getid3 getid3 1.9.5
owncloud owncloud 6.0.1
owncloud owncloud 6.0.0
getid3 getid3 1.9.0
owncloud owncloud 5.0.4
owncloud owncloud 5.0.10
owncloud owncloud 5.0.12
CVE-2021-40926 MEDIUM

Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
getid3 getid3 2.0.0
getid3 getid3 *