CH Radyo contains two cross-site scripting (XSS) vulnerabilities involving the “soru” parameter, which is passed to index.html and mplayer/index.html. The “soru” parameter is not properly sanitized before being returned to the user, so a remote attacker may leverage this to execute arbitrary scripts within the user’s browser.
CH Radyo v2 and possibly other versions
Input sent via URL to index.html and mplayer/index.html is not properly sanitized, allowing attacker-controlled HTML or script returned to the user to execute within the context of the browser.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
- 34029 - CH Radyo v2 and Prior Cross Site Scripting (Zero-Day)
There are no mitigations currently available.
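With no fix available, an operator can still watch web-server access logs for requests to the two affected pages whose “soru” value carries markup. The following is an added example, not part of the original advisory or of any BeyondTrust product; the combined log format, the /radyo install path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Pages and parameter named in the advisory. Paths are matched as suffixes
# because the install directory is site-specific (assumption).
AFFECTED_SUFFIXES = ("/mplayer/index.html", "/index.html")
PARAM = "soru"

# Request field of an Apache/nginx combined-format log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markup that a browser would interpret if the value were echoed unencoded.
MARKUP = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_soru(log_line):
    """Return (path, decoded value) when a request to an affected page carries
    markup in the soru parameter; return None otherwise."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith(AFFECTED_SUFFIXES):
        return None
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        decoded = fully_decode(value)
        if name.lower() == PARAM and MARKUP.search(decoded):
            return target.path, decoded
    return None

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /radyo/index.html?soru=rock HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /radyo/mplayer/index.html?soru=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5200',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /radyo/index.html?soru=%2522%253E%253Cb%253E HTTP/1.1" 200 5190',
    '203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "GET /radyo/about.html?soru=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print([hit for hit in map(suspicious_soru, SAMPLE_LOG) if hit])
```

The second and third sample lines are flagged, the third only because the value is decoded more than once; the first (plain value) and fourth (unaffected page) are not.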