Vulnerabilities > CVE-2024-51486 - Unspecified vulnerability in Ampache 7.0.0

CVSS 8.4 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ampache

NVD

Published: 2024-11-11

Updated: 2024-11-21

Summary

Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL?-?Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Ampache Ampache Ampache 7.0.0	1

References

https://github.com/ampache/ampache/security/advisories/GHSA-4xw5-f7xm-vpw5