
CVE-2024-28852
- Reference to the description:
- Description:
- Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities,this means that all forms in the Ampache that use `rule` as a variable are not secure. For example, when querying a song, when querying a podcast, we need to use `$rule` variable. This vulnerability is fixed in 6.3.1
- Last updated date:
- 02/05/2025
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 02/05/2025
- Reference url to background
https://github.com/ampache/ampache/security/advisories/GHSA-g7hx-hm68-f639