Cross-site Scripting (XSS) - Stored in ampache/ampache


Reported on

Aug 13th 2021

✍️ Description

This is a stored XSS in the mp3 management library.

🕵️‍♂️ Proof of Concept

  1. Edit metadata with Audacity: File preparation
  2. Create a new playlist that contains this file.
  3. Open "Album" (1) under the "Search" menu, then click "Search" (2): XSS

💥 Impact

Uploading an mp3 with JavaScript code in a metadata tag could permit an attacker to execute any JavaScript code in the browser of the user who imported that file, for example to steal cookies or run other malicious code.
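
The defensive side of this issue, as an added example that is not part of the original report and is not Ampache's code: text read from an uploaded file's ID3v2 tag is untrusted input, so it is flagged at import and HTML-escaped when rendered. The frame choice (`TALB`, `TIT2`), the function names and the sample tag are assumptions constructed for illustration.

```python
import html
import struct

ENCODINGS = {0: "latin-1", 1: "utf-16", 2: "utf-16-be", 3: "utf-8"}

def synchsafe(b):
    """Decode a 4-byte synchsafe integer (7 useful bits per byte)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def read_text_frames(data):
    """Return {frame_id: text} for text frames of an ID3v2.3/2.4 tag.
    Simplification: extended headers and unsynchronisation are not handled."""
    if len(data) < 10 or data[:3] != b"ID3" or data[3] not in (3, 4):
        return {}
    end = min(10 + synchsafe(data[6:10]), len(data))
    pos, frames = 10, {}
    while pos + 10 <= end and data[pos] != 0:  # a zero byte starts the padding
        frame_id = data[pos:pos + 4].decode("latin-1")
        raw = data[pos + 4:pos + 8]
        size = synchsafe(raw) if data[3] == 4 else struct.unpack(">I", raw)[0]
        body = data[pos + 10:min(pos + 10 + size, end)]
        pos += 10 + size
        if frame_id.startswith("T") and frame_id != "TXXX" and body:
            codec = ENCODINGS.get(body[0], "latin-1")
            frames[frame_id] = body[1:].decode(codec, errors="replace").rstrip("\x00")
    return frames

def suspicious_frames(frames):
    """Import-time check: frame ids whose text contains angle brackets."""
    return sorted(k for k, v in frames.items() if "<" in v or ">" in v)

def render_row(frames):
    """Search-result row with every tag value HTML-escaped at output time."""
    album = html.escape(frames.get("TALB", ""), quote=True)
    title = html.escape(frames.get("TIT2", ""), quote=True)
    return f"<tr><td>{album}</td><td>{title}</td></tr>"

def make_tag(fields):
    """Build a constructed ID3v2.3 tag (Latin-1 text frames) for the demo."""
    payload = b""
    for frame_id, text in fields.items():
        body = b"\x00" + text.encode("latin-1")
        payload += frame_id.encode() + struct.pack(">I", len(body)) + b"\x00\x00" + body
    n = len(payload)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + payload

# Constructed sample: one tag value carries markup, the other is ordinary text.
SAMPLE = make_tag({"TIT2": "Track 1", "TALB": "<script>alert(1)</script>"})
```

Escaping at output is the actual mitigation; the angle-bracket check is only a logging aid, since legitimate titles can contain those characters.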

We have contacted a member of the ampache team and are waiting to hear back (a month ago)
loviuz submitted a
a month ago
lachlan validated this vulnerability 25 days ago
loviuz has been awarded the disclosure bounty
The fix bounty is now up for grabs
lachlan confirmed that a fix has been merged on bb0bc1 24 days ago
loviuz has been awarded the fix bounty