CVE-2024-28852 Information

Description

Ampache is a web-based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities; this means that all forms in Ampache that use rule as a variable are not secure. For example, when querying a song or when querying a podcast, we need to use the $rule variable. This vulnerability is fixed in 6.3.1.

Reference

https://github.com/ampache/ampache/security/advisories/GHSA-g7hx-hm68-f639
https://github.com/ampache/ampache/blob/bcaa9a4624acf8c8cc4c135be77b846731fb1ba2/src/Repository/Model/Search.php#L1732-L1740
