Ampache, a web based audio/video streaming application and file manager, has a stored cross-site scripting (XSS) vulnerability in versions prior to 6.6.0. This vulnerability exists in the "Playlists - Democratic - Configure Democratic Playlist" feature. An attacker with Content Manager permissions can set the Name field to `<svg onload=alert(8)>`. When any administrator or user accesses the Democratic functionality, they will be affected by this stored XSS vulnerability. The attacker can exploit this vulnerability to obtain the cookies of any user or administrator who accesses the `democratic.php` file. Version 6.6.0 contains a patch for the issue.
References
Configurations
No configuration.
History
21 Nov 2024, 09:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/ampache/ampache/security/advisories/GHSA-cp44-89r2-fxph - |
24 Jul 2024, 12:55
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
23 Jul 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-23 18:15
Updated : 2024-11-21 09:32
NVD link : CVE-2024-41665
Mitre link : CVE-2024-41665
CVE.ORG link : CVE-2024-41665
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')