CVE-2024-41665

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-41665

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41665.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-41665

Aliases

GHSA-cp44-89r2-fxph

Downstream

UBUNTU-CVE-2024-41665

Published

2024-07-23T17:14:56.459Z

Modified

2025-12-05T05:39:00.012246Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVSS Calculator

Summary

Ampache Stored Cross-site Scripting Vulnerability

Details

Ampache, a web based audio/video streaming application and file manager, has a stored cross-site scripting (XSS) vulnerability in versions prior to 6.6.0. This vulnerability exists in the "Playlists - Democratic - Configure Democratic Playlist" feature. An attacker with Content Manager permissions can set the Name field to <svg onload=alert(8)>. When any administrator or user accesses the Democratic functionality, they will be affected by this stored XSS vulnerability. The attacker can exploit this vulnerability to obtain the cookies of any user or administrator who accesses the democratic.php file. Version 6.6.0 contains a patch for the issue.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41665.json"
}

References

Affected packages

Git / github.com/ampache/ampache

Affected ranges

Type: GIT
Repo: https://github.com/ampache/ampache
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

860592aa10a12cec318ed7eee15ff509b06a5331

Affected versions

3.*

3.6-alpha1

3.6-alpha2

3.6-alpha3

3.6-alpha4

3.6-alpha5

3.6-alpha6

3.7.0

3.8.0

3.8.0-beta1

3.8.0-beta2

3.8.1

3.8.1-beta1

3.8.1-beta2

3.8.2

3.8.3

3.8.4

3.8.5

3.8.6

3.8.7

3.8.8

3.8.9

3.9.0

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.1.0

4.1.1

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.3.0

4.4.0

4.4.1

4.4.2

5.*

5.0.0

5.0.0-pre-release

5.0.0-pre-release1

5.0.0-pre-release2

5.0.0-pre-release3

5.0.0-preview1

5.1.0

5.1.1

5.2.0

5.2.1

5.3.0

5.3.1

5.3.2

5.3.3

5.4.0

5.4.1

5.5.0

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.5.7

5.6.0

5.6.1

5.6.2

6.*

6.0.0

6.0.0-preview1

6.0.0-preview2

6.0.1

6.0.2

6.0.3

6.1.0

6.2.0

6.2.1

6.3.0

6.3.1

6.4.0

6.5.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41665.json"