Cross-site Scripting (XSS) - Stored in ampache/ampache


Reported on

Aug 13th 2021

✍️ Description

This is a stored XSS in the mp3 management library.

🕵️‍♂️ Proof of Concept

  1. Edit metadata with Audacity: File preparation
  2. Create a new playlist that contains this file.
  3. Mark the album as favorite (1) and then open "Informations" -> "Favorites" (2): XSS


💥 Impact

Uploading an mp3 with JavaScript code in a metadata tag could permit an attacker to execute any JavaScript code in the browser of the user who imported that file, and so steal cookies or execute other evil code.
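The rendering flaw described above, next to an output-encoded version, as an added example that is not Ampache's code and not the fix commit. The function names, the `albums.php` URL and the sample album row are hypothetical; the example also covers the attribute context, which the report does not mention.

```php
<?php
declare(strict_types=1);

// Constructed sample: an album row whose name was copied verbatim from an
// imported file's metadata tag and stored in the library as-is.
$album = [
    'id'   => 42,
    'name' => 'Greatest Hits"><script>alert(1)</script>',
];

// Vulnerable pattern: tag text is concatenated into markup unescaped, so the
// stored value is parsed as HTML whenever the favorites list is viewed.
function render_favorite_unsafe(array $album): string
{
    return '<a href="albums.php?id=' . $album['id'] . '" title="' . $album['name'] . '">'
        . $album['name'] . '</a>';
}

// Encode at output time for the HTML context in use.
// ENT_QUOTES escapes both quote styles (required inside attributes);
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every metadata-derived value passes through h(),
// and the numeric id is cast rather than echoed raw.
function render_favorite_safe(array $album): string
{
    $name = h((string) $album['name']);
    $id   = (int) $album['id'];
    return '<a href="albums.php?id=' . $id . '" title="' . $name . '">' . $name . '</a>';
}

$unsafe = render_favorite_unsafe($album);
$safe   = render_favorite_safe($album);

// Compare: only the unsafe markup still contains a literal <script> element.
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') !== false);
echo $safe, PHP_EOL;
```

Encoding belongs at the point of output rather than at import, so values already stored in the library before the change are also rendered safely.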

We have contacted a member of the ampache team and are waiting to hear back 3 years ago
lachlan validated this vulnerability 3 years ago
loviuz has been awarded the disclosure bounty
The fix bounty is now up for grabs
lachlan marked this as fixed with commit bb0bc1 2 years ago
lachlan has been awarded the fix bounty