Cross-site Scripting (XSS) - Reflected in ampache/ampache
CVE-2023-0606

6.1MEDIUM

Key Information:

Vendor: Ampache
Status: Ampache/ampache
Vendor: CVE Published:; 1 February 2023

🔔 Create Ampache Vulnerability Alert

What is CVE-2023-0606?

Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache prior to 5.5.7.

Affected Version(s)

ampache/ampache < 5.5.7

References

https://huntr.dev/bounties/0bfed46d-ac96-43c4-93fb-13f68b...

https://github.com/ampache/ampache/commit/d3191503ca856df...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

CVSS V3.0

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2023
Vulnerability Reserved
Feb 1, 2023