Ampache Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-28852 - Vulnerability Database

Ampache

Ampache Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-28852

Medium

Reference: CVE-2024-28852

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-28852

Title: Ampache Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilitiesthis means that all forms in the Ampache that use rule as a variable are not secure. For example when querying a song when querying a podcast we need to use rule variable. This vulnerability is fixed in 6.3.1