Description

Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Remediation

References

CVE-2024-51490

Related Vulnerabilities

WordPress Plugin Bug Library Cross-Site Scripting (2.0.3)

Oracle Database Server CVE-2008-2602 Vulnerability (CVE-2008-2602)

Django Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4140)

WordPress Plugin Slider Revolution Responsive Local File Inclusion (4.1.4)

WordPress Plugin Elementor Pro Arbitrary File Upload (2.9.3)

Severity

Critical

Classification

CVE-2024-51490 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities