CVE-2024-41665

5.5 MEDIUM

📋 TL;DR

Ampache versions before 6.6.0 contain a stored cross-site scripting (XSS) vulnerability in the Democratic Playlist configuration feature. An attacker with Content Manager permissions can inject malicious scripts that execute when administrators or users access the democratic functionality, potentially stealing session cookies. This affects all Ampache instances running vulnerable versions.

💻 Affected Systems

Products:
  • Ampache
Versions: All versions prior to 6.6.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have Content Manager permissions to exploit


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker steals administrator session cookies, gains full administrative access to the Ampache instance, and potentially compromises the underlying server.

🟠 Likely Case

Attacker steals user session cookies, gains unauthorized access to user accounts, and may escalate privileges within the application.

🟢 If Mitigated

With proper input validation and output encoding, the XSS payload would be neutralized, preventing script execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires Content Manager permissions; payload example provided in advisory

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.6.0

Vendor Advisory: https://github.com/ampache/ampache/security/advisories/GHSA-cp44-89r2-fxph

Restart Required: Yes

Instructions:

1. Back up your Ampache installation and database.
2. Download Ampache 6.6.0 or later from the official repository.
3. Replace the existing files with the new version.
4. Run any database update scripts if required.
5. Restart your web server.

🔧 Temporary Workarounds

Disable Democratic Playlist Feature

Platform: all

Temporarily disable access to the Democratic Playlist configuration to prevent exploitation.

# Remove or restrict access to democratic.php in your web server configuration

Restrict Content Manager Permissions

Platform: all

Review and reduce the number of users with Content Manager permissions.

# Review user permissions in the Ampache admin panel

🧯 If You Can't Patch

  • Implement strict Content Manager permission reviews and monitoring
  • Deploy web application firewall (WAF) with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check the Ampache version in the admin panel, or run: grep -r 'AMPACHE_VERSION' config/ampache.cfg.php

Check Version:

grep -r 'AMPACHE_VERSION' config/ampache.cfg.php

Verify Fix Applied:

Verify that the version is 6.6.0 or higher, and confirm that script input saved in the Democratic Playlist configuration is rendered as inert text rather than executed.
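The version comparison behind the "Check Version" and "Verify Fix Applied" steps, as an added example that is not part of the original advisory or of Ampache's own code. It takes the version string you read from the admin panel or the grep output and decides whether it is below the fixed release 6.6.0. The version string formats (e.g. '6.5.1', 'v6.6.0', '6.6.0-develop') and the treatment of pre-release suffixes are assumptions: a pre-release build of 6.6.0 is conservatively reported as vulnerable because it may predate the fix.

```python
"""Constructed example: is a reported Ampache version below the fix in 6.6.0?

Assumptions (not taken from the advisory): version strings look like
'6.5.1', 'v6.6.0' or '6.6.0-develop'; a pre-release suffix on exactly
6.6.0 is treated as still vulnerable, since such a build may predate the fix.
"""
import re

FIXED_VERSION = (6, 6, 0)          # first release containing the fix, per the advisory
PRERELEASE_MARKERS = ("dev", "develop", "alpha", "beta", "rc")

_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(?:[-\s]+(.*))?$")


def split_version(version_str):
    """Return (major, minor, patch) and a lowercased suffix ('' if none).

    Missing components are padded with 0, so '6.6' becomes (6, 6, 0).
    """
    m = _VERSION_RE.match(version_str.strip())
    if not m:
        raise ValueError(f"unparseable version string: {version_str!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))
    suffix = (m.group(2) or "").strip().lower()
    return tuple(parts[:3]), suffix


def is_vulnerable(version_str):
    """True if the version is below 6.6.0, or is a pre-release of 6.6.0."""
    core, suffix = split_version(version_str)
    if core < FIXED_VERSION:
        return True
    if core == FIXED_VERSION and any(suffix.startswith(p) for p in PRERELEASE_MARKERS):
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs, as they might be read from the admin panel.
    for v in ("6.5.1", "v6.6.0", "6.6.0-develop", "6.6.0-release", "7.0"):
        print(f"{v:>14}: {'VULNERABLE' if is_vulnerable(v) else 'fixed'}")
```

Run it against the value you actually observe; anything reported as VULNERABLE should be scheduled for the 6.6.0 upgrade or covered by the workarounds above until then.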

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to democratic.php with script tags
  • Multiple failed login attempts followed by Democratic Playlist access

Network Indicators:

  • HTTP requests containing <svg onload=alert> patterns to democratic.php

SIEM Query:

source="web_logs" AND uri="*democratic.php*" AND (body="*<svg*" OR body="*onload=*" OR body="*alert(*")
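The same detection logic as the SIEM query above, run locally over a handful of log lines, as an added example that is not part of the original advisory and not Ampache's own code. It flags requests to democratic.php whose body contains the advisory's markers (<svg, onload=, alert() and, going one step beyond the query, URL-decodes and lowercases the body first so that percent-encoded or mixed-case variants are not missed. The log line layout (client IP, method, URI, status, body=) and the sample lines are constructed for this example; adapt parse_line to your own web-log format.

```python
"""Constructed example: replay the advisory's SIEM detection over sample log lines.

The field layout below (ip method uri status body=...) is an assumption made
for this example, not Ampache's or any SIEM's real log format.
"""
import re
from urllib.parse import unquote_plus

# Markers taken from the advisory's SIEM query, matched case-insensitively
# against the URL-decoded request body.
XSS_MARKERS = re.compile(r"<svg|onload=|alert\(", re.IGNORECASE)
TARGET_URI = re.compile(r"democratic\.php", re.IGNORECASE)

# Constructed sample log lines: "<client_ip> <method> <uri> <status> body=<raw body>"
SAMPLE_LOG = """\
10.0.0.5 POST /democratic.php 200 body=action=manage&name=Friday+Mix&level=25
10.0.0.7 POST /democratic.php 200 body=action=manage&name=%3Csvg+onload%3Dalert%281%29%3E&level=25
10.0.0.9 GET /democratic.php 200 body=
10.0.0.5 POST /login.php 401 body=username=bob&password=wrong
10.0.0.8 POST /democratic.php 200 body=action=manage&name=<SVG/ONLOAD=alert(1)>&level=25
"""

_LOG_RE = re.compile(
    r"^(?P<ip>\S+) (?P<method>\S+) (?P<uri>\S+) (?P<status>\d{3}) body=(?P<body>.*)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = _LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Decode once so %3Csvg / + encoding cannot slip past the marker patterns.
    rec["body"] = unquote_plus(rec["body"])
    return rec


def is_suspicious(rec):
    """True when the request targets democratic.php and the body carries an XSS marker."""
    return bool(TARGET_URI.search(rec["uri"]) and XSS_MARKERS.search(rec["body"]))


def scan(log_text):
    """Return the parsed records that should raise an alert."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_suspicious(rec):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"ALERT {hit['ip']} {hit['method']} {hit['uri']} body={hit['body'][:60]!r}")
```

Two of the five constructed lines are flagged: the percent-encoded payload from 10.0.0.7 and the upper-cased one from 10.0.0.8. The benign playlist update, the empty GET and the failed login are left alone; correlate flagged requests with the Content Manager account that sent them, since the advisory notes that permission level is required.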
