Cross-site Scripting (XSS) - Stored in ampache/ampache


Reported on

Aug 13th 2021

✍️ Description

This is a stored XSS in the mp3 management library.

🕵️‍♂️ Proof of Concept

  1. Edit metadata with Audacity: File preparation
  2. Create a new playlist that contains this file.
  3. Mark the album as favorite (1) and then open "Informations" -> "Favorites" (2): XSS


💥 Impact

Uploading an mp3 with JavaScript code in a metadata tag could permit an attacker to execute any JavaScript code in the browser of the user who imported that file, and so steal cookies or execute other malicious code.
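
An added example (not Ampache's code and not the merged fix): it treats mp3 tag text as untrusted input, reads the ID3v2.3 text frames from a constructed byte string, flags fields that contain markup, and HTML-escapes them when rendering. The function names, the row template and the sample tag are assumptions; extended headers and unsynchronisation are not handled.

```python
import html
import struct

# ID3v2.3 text frames a music library typically displays.
TEXT_FRAMES = {b"TIT2": "title", b"TPE1": "artist", b"TALB": "album"}

def read_id3v23_text(data):
    """Return {field: text} for the TEXT_FRAMES present in an ID3v2.3 tag."""
    if len(data) < 10 or data[:3] != b"ID3" or data[3] != 3:
        return {}
    s = data[6:10]  # tag size is a 4-byte syncsafe integer (7 bits per byte)
    limit = min(len(data), 10 + ((s[0] << 21) | (s[1] << 14) | (s[2] << 7) | s[3]))
    pos, out = 10, {}
    while pos + 10 <= limit:
        fid = data[pos:pos + 4]
        size = struct.unpack(">I", data[pos + 4:pos + 8])[0]  # plain big-endian in v2.3
        if size == 0 or pos + 10 + size > limit:
            break  # padding or a truncated frame
        body = data[pos + 10:pos + 10 + size]
        if fid in TEXT_FRAMES:
            codec = "utf-16" if body[0] == 1 else "latin-1"  # first byte selects encoding
            out[TEXT_FRAMES[fid]] = body[1:].decode(codec, "replace").rstrip("\x00")
        pos += 10 + size
    return out

def fields_with_markup(meta):
    """Names of fields whose text contains angle brackets (worth reviewing)."""
    return sorted(k for k, v in meta.items() if "<" in v or ">" in v)

def render_row(meta, escape=True):
    """Hypothetical 'Favorites' row; escape=False reproduces the unsafe pattern."""
    fix = (lambda t: html.escape(t, quote=True)) if escape else (lambda t: t)
    return "<li>%s - %s</li>" % (fix(meta.get("album", "")), fix(meta.get("artist", "")))

def build_sample():
    """Constructed tag: a harmless <b> element in the album field."""
    def frame(fid, text):
        body = b"\x00" + text.encode("latin-1")
        return fid + struct.pack(">I", len(body)) + b"\x00\x00" + body
    frames = frame(b"TALB", "<b>Album</b>") + frame(b"TPE1", "Artist & Co")
    n = len(frames)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + frames

if __name__ == "__main__":
    meta = read_id3v23_text(build_sample())
    print(fields_with_markup(meta), render_row(meta))
```

Escaping at output keeps the stored tag text intact while the browser receives it as text; the markup check is only a triage aid for files already in a library.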

We have contacted a member of the ampache team and are waiting to hear back (a year ago)
lachlan validated this vulnerability (a year ago)
FabioL has been awarded the disclosure bounty
The fix bounty is now up for grabs
lachlan confirmed that a fix has been merged on bb0bc1 (a year ago)
lachlan has been awarded the fix bounty