CVE-2019-12386

NONE
Published Aug 22, 2019 6y ago
Last Modified Jun 17, 2026 1w ago

Description

An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor    Product   Version   Range
ampache   ampache   *         ≤3.9.1

References 2

  • lists.debian.org https://lists.debian.org/debian-lts-announce/2019/11/msg00008.html
  • tarlogic.com https://www.tarlogic.com/en/blog/vulnerabilities-in-ampache/
    Exploit, Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.