Cross-site Scripting (XSS) - Stored in ampache/ampache
Oct 14th 2021
ampache has a stored XSS in the View Existing User , an attacker could exploit with the Website attribute to steal the other users' cookie
Proof of Concept
- Visit http://ampache//index.php#preferences.php?tab=account
set the Website attribut toe： foo" onmouseover=alert(document.cookie) //
When the other user (such as Administrator) are browsing users
This vulnerability is capable of ● Steal the other user's cookie, forging their identity ● The end user’s browser has no way to know that the script should not be trusted, and will execute the script. ● These scripts can even rewrite the content of the HTML page. For more details on the different types of XSS flaws, see: Types of Cross-Site Scripting.