Vulnerabilities > Tunez > Tunez > 0.5.5

DATE CVE VULNERABILITY TITLE RISK
2005-11-26 CVE-2005-3834 Input Validation vulnerability in Tunez
Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter.
network
tunez
4.3
4.3
2005-11-26 CVE-2005-3833 Input Validation vulnerability in Tunez
SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier allows remote attackers to execute arbitrary SQL commands via the song_id parameter.
network
low complexity
tunez
7.5
7.5