Cross-site Scripting (XSS) - Stored in ampache/ampache
Aug 13th 2021
This is a stored XSS in the mp3 management library.
🕵️♂️ Proof of Concept
- Edit metadata with Audacity:
- Create a new playlist that contains this file.
- Vote for an album (1) and then open "Informations" -> "Most rated" (2):
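
The steps above carry text from an audio file's tags into a stored record and then onto the "Most rated" page. The following PHP is an added example, not Ampache's code and not part of the original report; it renders such a row without and with output encoding. The function names, row fields, sample rows and the `album.php` link are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample rows: album/artist text as it might arrive from audio
// file tags at import time. Tag text is attacker-controllable input.
$rows = [
    ['id' => 1, 'album' => 'Blue Train', 'artist' => 'John Coltrane', 'rating' => 5],
    ['id' => 2, 'album' => 'Demo <script>alert(1)</script>', 'artist' => '" onmouseover="x', 'rating' => 4],
];

// Encode a value for HTML text and for quoted attribute values alike.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe (hypothetical): tag text is concatenated into markup as-is.
function render_row_unsafe(array $row): string
{
    return '<li title="' . $row['artist'] . '">' . $row['album'] . '</li>';
}

// Hardened: every tag-derived value is encoded at output time, and numeric
// fields are forced to integers before they reach the markup.
function render_row_safe(array $row): string
{
    return sprintf(
        '<li title="%s"><a href="album.php?id=%d">%s</a> (%d/5)</li>',
        h($row['artist']),
        (int) $row['id'],      // album.php is a hypothetical path
        h($row['album']),
        (int) $row['rating']
    );
}

foreach ($rows as $row) {
    $safe = render_row_safe($row);
    // Neither a raw tag opener nor an attribute breakout may survive encoding.
    if (strpos($safe, '<script') !== false || strpos($safe, '" onmouseover') !== false) {
        throw new RuntimeException('tag text reached the page unencoded');
    }
    echo 'unsafe: ', render_row_unsafe($row), "\n", 'safe:   ', $safe, "\n\n";
}
```

Encoding at render time covers records that were imported before any input filter existed, which matters for a stored issue like this one.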