Ampache Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-28853
Reference:
CVE-2024-28853
Title:
Ampache Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to serval parameters in the post request of /preferences.phpactionadmin_update_preferences. This vulnerability is fixed in 6.3.1.