PT-2024-22605 · Ampache · Ampache

·

CVE-2024-28852

·

Published

2024-03-27

·

Updated

2024-03-27

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Ampache versions prior to 6.3.1
Description Ampache, a web-based audio/video streaming application and file manager, has multiple reflective XSS vulnerabilities. This issue affects all forms in Ampache that use the rule variable, such as when querying a song or a podcast, where the $rule variable is utilized.
Recommendations For versions prior to 6.3.1, update to version 6.3.1 to resolve the issue. As a temporary workaround, consider restricting the use of the rule variable in forms until the update is applied.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2024-28852
GHSA-G7HX-HM68-F639

Affected Products

Ampache