CVE-2024-28852

{"id": "CVE-2024-28852", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-03-27T14:15:10.340", "references": [{"url": "https://github.com/ampache/ampache/blob/bcaa9a4624acf8c8cc4c135be77b846731fb1ba2/src/Repository/Model/Search.php#L1732-L1740", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/ampache/ampache/security/advisories/GHSA-g7hx-hm68-f639", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/ampache/ampache/blob/bcaa9a4624acf8c8cc4c135be77b846731fb1ba2/src/Repository/Model/Search.php#L1732-L1740", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/ampache/ampache/security/advisories/GHSA-g7hx-hm68-f639", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities,this means that all forms in the Ampache that use `rule` as a variable are not secure. For example, when querying a song, when querying a podcast, we need to use `$rule` variable. This vulnerability is fixed in 6.3.1\n"}, {"lang": "es", "value": "Ampache es una aplicaci\u00f3n de transmisi\u00f3n de audio/v\u00eddeo y un administrador de archivos basado en web. Ampache tiene m\u00faltiples vulnerabilidades XSS reflectantes, lo que significa que todos los formularios en Ampache que usan \"regla\" como variable no son seguros. Por ejemplo, al consultar una canci\u00f3n, al consultar un podcast, necesitamos usar la variable `$rule`. Esta vulnerabilidad se solucion\u00f3 en 6.3.1."}], "lastModified": "2025-02-05T21:20:47.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ampache:ampache:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9E60433-868B-4354-93F8-C418983B189A", "versionEndExcluding": "6.3.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}