CVE-2024-28853

Опубликовано: 27 мар. 2024

Источник: nvd

CVSS3: 3.9

CVSS3: 5.9

EPSS Низкий

Описание

Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to serval parameters in the post request of /preferences.php?action=admin_update_preferences. This vulnerability is fixed in 6.3.1.

Ссылки

https://github.com/ampache/ampache/security/advisories/GHSA-prw2-7cr3-5mx8
Vendor Advisory
https://github.com/ampache/ampache/security/advisories/GHSA-prw2-7cr3-5mx8
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ampache:ampache:*:*:*:*:*:*:*:*

Версия до 6.3.1 (исключая)

EPSS

Процентиль: 65%

0.00489

Низкий

3.9 Low

CVSS3

5.9 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-28853

CVSS3: 3.9

ubuntu

почти 2 года назад

CVE-2024-28853

CVSS3: 3.9

debian

почти 2 года назад

Ampache is a web based audio/video streaming application and file mana ...

EPSS

Процентиль: 65%

0.00489

Низкий

3.9 Low

CVSS3

5.9 Medium

CVSS3

Дефекты

CWE-79