Ampache Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-28852 - Vulnerability Database

Ampache Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-28852

Medium
Reference: CVE-2024-28852
Title: Ampache Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilitiesthis means that all forms in the Ampache that use rule as a variable are not secure. For example when querying a song when querying a podcast we need to use rule variable. This vulnerability is fixed in 6.3.1