Unrated severityNVD Advisory· Published Jul 23, 2024· Updated Aug 2, 2024
Ampache Stored Cross-site Scripting Vulnerability
CVE-2024-41665
Description
Ampache, a web based audio/video streaming application and file manager, has a stored cross-site scripting (XSS) vulnerability in versions prior to 6.6.0. This vulnerability exists in the "Playlists - Democratic - Configure Democratic Playlist" feature. An attacker with Content Manager permissions can set the Name field to `. When any administrator or user accesses the Democratic functionality, they will be affected by this stored XSS vulnerability. The attacker can exploit this vulnerability to obtain the cookies of any user or administrator who accesses the democratic.php` file. Version 6.6.0 contains a patch for the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/ampache/ampache/security/advisories/GHSA-cp44-89r2-fxphmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.