Approved changes feed: RSS · Atom

cpe:2.3:a:ampache:ampache:7.0.0:*:*:*:*:*:*:*

part: a version: 7.0.0 update: *

VendorAmpache (88d8c45b-5779-544d-8d14-751e5b71c268)
ProductAmpache (35a70192-fdb3-527e-924f-f2f51aded1ff)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:docker/ampache/ampache purl2cpe 2026-06-01 10:12:40.639800
pkg:github/ampache/ampache purl2cpe 2026-06-01 10:12:40.639802

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-51490 vulnerable 2026-06-08 06:52:12.156873 Stored Cross-Site Scripting in Ampache
MEDIUM (5.5)
Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-11-11T19:35:21.582Z
Updated: 2024-11-12T01:44:17.324Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-51489 vulnerable 2026-06-08 06:52:12.156315 Insufficient Message Token Validation in Ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-11-11T19:37:45.808Z
Updated: 2024-11-12T01:44:27.158Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-51488 vulnerable 2026-06-08 06:52:12.155830 Insufficient Validation in Delete Message in Ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-11-11T19:42:29.878Z
Updated: 2024-11-12T01:44:07.126Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-51487 vulnerable 2026-06-08 06:52:12.155355 Insufficient Validation in Catalog (Activation/Deactivation) in Ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-11-11T19:43:07.322Z
Updated: 2024-11-12T01:43:48.257Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-51486 vulnerable 2026-06-08 06:52:12.154858 Stored Cross-Site Scripting in Ampache
MEDIUM (5.5)
Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-11-11T19:44:55.279Z
Updated: 2024-11-12T01:43:28.573Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-51485 vulnerable 2026-06-08 06:52:12.154482 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-51484 vulnerable 2026-06-08 06:52:12.153993 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.