PT-2024-29494 · Ampache · Ampache

Hebing123 · Published 2024-07-23 · Updated 2024-07-24 · CVE-2024-41665

CVSS v3.1: 5.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Ampache versions prior to 6.6.0

Description

The issue is a stored cross-site scripting (XSS) vulnerability in the "Playlists - Democratic - Configure Democratic Playlist" feature. An attacker with Content Manager permissions can exploit this by setting the Name field to malicious code, such as <svg onload=alert(8)>, which will affect administrators or users accessing the Democratic functionality. This can lead to the attacker obtaining cookies of affected users. The vulnerability is exploited through the democratic.php file.

Recommendations

For versions prior to 6.6.0, update to version 6.6.0 to resolve the issue.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-41665
GHSA-CP44-89R2-FXPH

Affected Products

Ampache