Unrated severityNVD Advisory· Published Mar 27, 2024· Updated Aug 13, 2024

Ampache has multiple reflective XSS vulnerabilities

CVE-2024-28852

Description

Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities,this means that all forms in the Ampache that use rule as a variable are not secure. For example, when querying a song, when querying a podcast, we need to use $rule variable. This vulnerability is fixed in 6.3.1

Affected products

Ampache/Ampachev5
Range: < 6.3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/ampache/ampache/blob/bcaa9a4624acf8c8cc4c135be77b846731fb1ba2/src/Repository/Model/Search.phpmitrex_refsource_MISC
github.com/ampache/ampache/security/advisories/GHSA-g7hx-hm68-f639mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000