PT-2024-34655 · Ampache · Ampache

Hacking-Notes

Published

2024-11-11

Updated

2024-11-14

CVE-2024-51490

CVSS v3.1

9.0

Critical

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ampache versions prior to 7.0.1

Description The issue exists in the interface section of the Ampache menu, specifically where users can change the "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript.

Recommendations For versions prior to 7.0.1, upgrade to version 7.0.1 to address the issue. As a temporary workaround, consider restricting access to the "Custom URL - Logo" section until the upgrade is applied.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-51490

GHSA-X979-F6PX-7J2W

Affected Products

Ampache

PT-2024-34655 · Ampache · Ampache

CVE-2024-51490

Weakness Enumeration

Related Identifiers

Affected Products

References · 9