A vulnerability in Ampache 4.4.2 has been reported by Ali Oguz using Netsparker Web Application Security For Enterprise (https://www.netsparker.com).
This vulnerability affects the stable branch. If you are running any 4.x.x version, it is recommended that you update to 4.4.3 as soon as possible.
The attack requires user authentication to access the random.php page unless the site is running in demo mode.
Affected Software: Ampache
Affected Versions: 4.4.2
Vulnerability Type: Cross-Site Scripting
Cross-site Scripting in Random.php
URL: /random.php?action=get_advanced&type=%27%22%20onmouseover%3dalert(0x0002DE)%20
Parameter Name: type
Parameter Type: GET
Attack Pattern: %27%22+ns%3dnetsparker(0x0002DE)+
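
The reported value of type starts with a single and a double quote, so it closes a quoted HTML attribute when reflected without encoding. The following is an added example, not Ampache's code or its 4.4.3 fix, showing that reflection next to an allowlisted and encoded form; the input field template, ALLOWED_TYPES and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed allowlist; the advisory does not list the valid `type` values.
const ALLOWED_TYPES = ['song', 'album', 'artist'];

// Hypothetical template that places a value inside a double-quoted attribute.
function field(string $value): string
{
    return '<input type="hidden" name="type" value="' . $value . '">';
}

// "Before": the request value is reflected with no encoding.
function render_unsafe(string $type): string
{
    return field($type);
}

// "After": allowlist the value, then encode it for the attribute context.
function render_safe(string $type): string
{
    if (!in_array($type, ALLOWED_TYPES, true)) {
        $type = ALLOWED_TYPES[0]; // unknown value: fall back to a fixed default
    }
    return field(htmlspecialchars($type, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// The template itself contains six double quotes; a seventh means the
// reflected value closed the attribute early.
function attribute_intact(string $html): bool
{
    return substr_count($html, '"') === 6;
}

// Query string copied from the advisory's URL field.
$query = 'action=get_advanced&type=%27%22%20onmouseover%3dalert(0x0002DE)%20';
parse_str($query, $params);
$type = (string) ($params['type'] ?? '');

$encoded_only = field(htmlspecialchars($type, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));

foreach (['unsafe' => render_unsafe($type), 'encoded only' => $encoded_only,
          'allowlist + encoding' => render_safe($type)] as $label => $html) {
    printf("%-22s intact=%s  %s\n", $label, attribute_intact($html) ? 'yes' : 'no', $html);
}
```

Encoding alone already keeps the value inside the attribute; the allowlist additionally stops unexpected values from reaching any other output context.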