Vulnerability CVE-2024-28853


Published: 2024-03-27

Description:
Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to serval parameters in the post request of /preferences.php?action=admin_update_preferences. This vulnerability is fixed in 6.3.1.

 References:
https://github.com/ampache/ampache/security/advisories/GHSA-prw2-7cr3-5mx8

Copyright 2026, cxsecurity.com

 

Back to Top