CVE-2008-3567

Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.

Published: Aug 10, 2008
Updated: Nov 9, 2025
CVE: CVE-2008-3567
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
nullsoft / winamp	2.6x	2.6x.x
nullsoft / winamp	5.093	5.093.x
nullsoft / winamp	2.64	2.64.x
nullsoft / winamp	5.36	5.36.x
nullsoft / winamp	5.24	5.24.x
nullsoft / winamp	2.62	2.62.x
nullsoft / winamp	5.111	5.111.x
nullsoft / winamp	2.24	2.24.x
nullsoft / winamp	5.09	5.09.x
nullsoft / winamp	-	5.54.x
nullsoft / winamp	2.50	2.50.x
nullsoft / winamp	5.31	5.31.x
nullsoft / winamp	5.05	5.05.x
nullsoft / winamp	2.72	2.72.x
nullsoft / winamp	5.23	5.23.x
nullsoft / winamp	2.73	2.73.x
nullsoft / winamp	2.90	2.90.x
nullsoft / winamp	2.61	2.61.x
nullsoft / winamp	5.112	5.112.x
nullsoft / winamp	2.75	2.75.x
nullsoft / winamp	5.02	5.02.x
nullsoft / winamp	5.01	5.01.x
nullsoft / winamp	5.53	5.53.x
nullsoft / winamp	5.33	5.33.x
nullsoft / winamp	2.65	2.65.x
nullsoft / winamp	5.5	5.5.x
nullsoft / winamp	5.34	5.34.x
nullsoft / winamp	5.0.2	5.0.2.x
nullsoft / winamp	3.1	3.1.x
nullsoft / winamp	5.12	5.12.x
nullsoft / winamp	2.76	2.76.x
nullsoft / winamp	2.80	2.80.x
nullsoft / winamp	2.91	2.91.x
nullsoft / winamp	5.21	5.21.x
nullsoft / winamp	5.094	5.094.x
nullsoft / winamp	5.1	5.1.x
nullsoft / winamp	2.74	2.74.x
nullsoft / winamp	5.3	5.3.x
nullsoft / winamp	2.71	2.71.x
nullsoft / winamp	5.04	5.04.x
nullsoft / winamp	5.03a	5.03a.x
nullsoft / winamp	5.32	5.32.x
nullsoft / winamp	2.78	2.78.x
nullsoft / winamp	2.81	2.81.x
nullsoft / winamp	5.08d	5.08d.x
nullsoft / winamp	5.08	5.08.x
nullsoft / winamp	5.0.1	5.0.1.x
nullsoft / winamp	2.77	2.77.x
nullsoft / winamp	5.11	5.11.x
nullsoft / winamp	2.5e	2.5e.x
nullsoft / winamp	2.4	2.4.x
nullsoft / winamp	5.51	5.51.x
nullsoft / winamp	5.06	5.06.x
nullsoft / winamp	2.0	2.0.x
nullsoft / winamp	5.07	5.07.x
nullsoft / winamp	5.13	5.13.x
nullsoft / winamp	2.10	2.10.x
nullsoft / winamp	2.60	2.60.x
nullsoft / winamp	5.091	5.091.x
nullsoft / winamp	5.52	5.52.x
nullsoft / winamp	5.2	5.2.x
nullsoft / winamp	3.0	3.0.x
nullsoft / winamp	2.70	2.70.x
nullsoft / winamp	2.95	2.95.x
nullsoft / winamp	5.03	5.03.x
nullsoft / winamp	2.7x	2.7x.x
nullsoft / winamp	2.79	2.79.x
nullsoft / winamp	5.0	5.0.x
nullsoft / winamp	5.08e	5.08e.x
nullsoft / winamp	5.35	5.35.x
nullsoft / winamp	5.22	5.22.x
nullsoft / winamp	5.08c	5.08c.x

Vulnerability Database

316,080

CVE-2008-3567

Deep Security Visibility Without the Complexity