Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32644)

Description

Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. This issue has been resolved in 4.4.3.

Remediation

References

Related Vulnerabilities

WordPress Plugin AP Companion includes Backdoor [Only if downloaded via the vendor website] (1.0.6)

WordPress Plugin Campaign Press Cross-Site Scripting (1.0.5)

WordPress Plugin Duplicator-WordPress Migration Security Bypass (0.5.8)

WordPress Plugin Greenshift-animation and page builder blocks Cross-Site Scripting (4.9.9)

WordPress 6.3.x Cross-Site Scripting (6.3 - 6.3.3)

Severity

Medium

Classification

CVE-2021-32644 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities