Cross-site Scripting (XSS) - Stored in ampache/ampache


Reported on

Aug 13th 2021

✍️ Description

This is a stored XSS in the mp3 management library.

🕵️‍♂️ Proof of Concept

  1. Edit meta data with Audacity: File preparation
  2. Create a new playlist that contains this file.
  3. Vote an album (1) and then open "Informations" -> "Most rated" (2): XSS


💥 Impact

Uploading an mp3 with JavaScript code in a meta tag could permit an attacker to execute any type of JavaScript code in the browser of the user who imported that file, and so steal cookies or execute other evil code.
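The root cause described above is tag text from an imported file being written into a page without output encoding. The following added example (not Ampache's code and not part of the original report) reads the text frames of an ID3v2.3 tag and renders the album title both as-is and HTML-encoded. All function names, the choice of the `TALB` frame and the sample tag bytes are assumptions constructed for illustration.

```python
import html
import struct

def synchsafe(b: bytes) -> int:
    """Decode the 4-byte synchsafe tag size (7 useful bits per byte)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def read_text_frames(data: bytes) -> dict:
    """Return the text frames (TIT2, TALB, ...) of an ID3v2.3 tag as str."""
    if data[:3] != b"ID3" or data[3] != 3:
        raise ValueError("not an ID3v2.3 tag")
    end = 10 + synchsafe(data[6:10])
    pos, frames = 10, {}
    while pos + 10 <= end and data[pos] != 0:   # a zero byte starts padding
        fid = data[pos:pos + 4].decode("latin-1")
        size = struct.unpack(">I", data[pos + 4:pos + 8])[0]
        body = data[pos + 10:pos + 10 + size]
        pos += 10 + size
        if fid.startswith("T") and fid != "TXXX" and body:
            codec = "utf-16" if body[0] == 1 else "latin-1"
            frames[fid] = body[1:].decode(codec, errors="replace").rstrip("\x00")
    return frames

def render_row_unsafe(frames: dict) -> str:
    # Pattern that yields stored XSS: tag text concatenated into markup as-is.
    return "<td>" + frames.get("TALB", "") + "</td>"

def render_row(frames: dict) -> str:
    # Hardened: tag text is untrusted data, HTML-encoded at output time.
    return "<td>" + html.escape(frames.get("TALB", ""), quote=True) + "</td>"

def make_frame(fid: str, text: str) -> bytes:
    """Build one ISO-8859-1 text frame (helper for the constructed sample)."""
    body = b"\x00" + text.encode("latin-1")
    return fid.encode("ascii") + struct.pack(">I", len(body)) + b"\x00\x00" + body

# Constructed sample tag (not taken from the report): album title with markup.
_FRAMES = make_frame("TIT2", "Track 1") + make_frame("TALB", "<script>alert(1)</script>")
SAMPLE_TAG = b"ID3\x03\x00\x00" + bytes([0, 0, 0, len(_FRAMES)]) + _FRAMES

if __name__ == "__main__":
    tags = read_text_frames(SAMPLE_TAG)
    print("unsafe:", render_row_unsafe(tags))
    print("safe:  ", render_row(tags))
```

Encoding has to happen in every view that prints the value, since the same stored string reaches the playlist, album and statistics pages.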

We have contacted a member of the ampache team and are waiting to hear back (3 months ago)
lachlan validated this vulnerability (3 months ago)
loviuz has been awarded the disclosure bounty
The fix bounty is now up for grabs
lachlan confirmed that a fix has been merged on bb0bc1 (3 months ago)
lachlan has been awarded the fix bounty