📦 Ampache
by Ampache
⚠️ Known Vulnerabilities
CVE-2021-21399 is an authentication bypass vulnerability in Ampache's Subsonic API that allows unauthenticated attackers to access the application using a non-existent username. This affects all Ampac...
Ampache versions before 7.0.1 have a CSRF vulnerability in token parsing when activating/deactivating controllers, allowing attackers to trick authenticated administrators into performing unauthorized...
Ampache versions before 7.0.1 have a CSRF vulnerability in catalog activation/deactivation functions. Attackers can trick authenticated administrators into performing unauthorized catalog management a...
This is a stored cross-site scripting (XSS) vulnerability in Ampache's interface configuration that allows authenticated users to inject malicious JavaScript into the favicon URL field. When other use...
A flaw in Ampache's CSRF token validation allows attackers to carry out cross-site request forgery attacks. This enables sending messages to any user, including administrators, via malicious requests. All Ampa...
Ampache versions before 6.6.0 contain a stored cross-site scripting (XSS) vulnerability in the Democratic Playlist configuration feature. An attacker with Content Manager permissions can inject malici...