PT-2021-3394 · Ampache · Ampache

Ali Oguz · Published 2021-06-22 · Updated 2021-08-15 · CVE-2021-32644

CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
Ampache versions 4.x.y through 4.4.2

Description
The issue is related to a lack of protection for the web page structure, which can be exploited for cross-site scripting attacks. Additionally, there is a code injection vulnerability in the random.php file due to insufficient input filtering. The exploitation of this issue may require user authentication to access the vulnerable page, unless the site is in demo mode.

Recommendations
For Ampache versions 4.x.y through 4.4.2, update to version 4.4.3 to resolve the issue. As a temporary workaround, consider restricting access to the random.php page to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-03245
CVE-2021-32644
GHSA-VQPJ-XGW2-R54Q

Affected Products

Ampache