Cross-site Scripting (XSS) - Stored in ampache/ampache

Valid

Reported on

Oct 14th 2021


Description

ampache has a stored XSS in the View Existing User , an attacker could exploit with the Website attribute to steal the other users' cookie

Proof of Concept

  1. Visit http://ampache//index.php#preferences.php?tab=account
set the Website attribut toe:
    foo" onmouseover=alert(document.cookie) //

User-Level's view image

When the other user (such as Administrator) are browsing users

http://ampache/#admin/users.php

Administrator's view image

Impact

This vulnerability is capable of ● Steal the other user's cookie, forging their identity ● The end user’s browser has no way to know that the script should not be trusted, and will execute the script. ● These scripts can even rewrite the content of the HTML page. For more details on the different types of XSS flaws, see: Types of Cross-Site Scripting.

We have contacted a member of the ampache team and are waiting to hear back 2 months ago
We have contacted a member of the ampache team and are waiting to hear back 2 months ago
hi-unc1e submitted a
2 months ago
lachlan validated this vulnerability 2 months ago
hi-unc1e has been awarded the disclosure bounty
The fix bounty is now up for grabs
lachlan confirmed that a fix has been merged on 59c442 2 months ago
hi-unc1e has been awarded the fix bounty