Cross-site Scripting (XSS) - Stored in ampache/ampache

Valid

Reported on

Aug 13th 2021

✍️ Description

This is a stored XSS in the mp3 management library.

🕵️‍♂️ Proof of Concept

  1. Edit meta data with Audacity: File preparation
  1. Create a new playlist that contains this file.
  1. Open "Artists" (1) under "Search" menu and then on the cover icon: XSS

XSS

💥 Impact

By uploading an mp3 with javascript code into meta tag could permit an attacker to execute every type of javascript code in the browser of the user who imported that file, so steal cookies or execute other evil code.

Occurrences

We have contacted a member of the ampache team and are waiting to hear back 2 years ago
lachlan validated this vulnerability 2 years ago
FabioL has been awarded the disclosure bounty
The fix bounty is now up for grabs
lachlan marked this as fixed with commit bb0bc1 2 years ago
lachlan has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation