Cross-site Scripting (XSS) - Stored in ampache/ampache
Aug 13th 2021
This is a stored XSS in the mp3 management library.
🕵️♂️ Proof of Concept
- Edit meta data with Audacity:
- Create a new playlist that contains this file.
- Open "Artists" (1) under "Search" menu and then "Search" (2):