Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ampache Stored Cross-site Scripting Vulnerability
Vulnerability Description
Ampache, a web based audio/video streaming application and file manager, has a stored cross-site scripting (XSS) vulnerability in versions prior to 6.6.0. This vulnerability exists in the "Playlists - Democratic - Configure Democratic Playlist" feature. An attacker with Content Manager permissions can set the Name field to `<svg onload=alert(8)>`. When any administrator or user accesses the Democratic functionality, they will be affected by this stored XSS vulnerability. The attacker can exploit this vulnerability to obtain the cookies of any user or administrator who accesses the `democratic.php` file. Version 6.6.0 contains a patch for the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Ampache 跨站脚本漏洞
Vulnerability Description
Ampache是Ampache开源的一款基于Web的音频/视频应用程序和文件管理器。 Ampache 6.6.0 版本之前存在跨站脚本漏洞,该漏洞源于“Playlists - Democratic - Configure Democratic Playlist”功能中,包含一个存储型跨站脚本漏洞。具有内容管理器权限的攻击者利用该漏洞可以在 Name 字段注入 JavaScript 代码。
CVSS Information
N/A
Vulnerability Type
N/A