cpe:2.3:a:ampache:ampache:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Ampache (88d8c45b-5779-544d-8d14-751e5b71c268) |
|---|---|
| Product | Ampache (35a70192-fdb3-527e-924f-f2f51aded1ff) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:docker/ampache/ampache | purl2cpe | 2026-06-01 10:12:40.614812 |
| pkg:github/ampache/ampache | purl2cpe | 2026-06-01 10:12:40.614814 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-51490 | vulnerable | 2026-06-08 06:52:12.156745 | Stored Cross-Site Scripting in Ampache. MEDIUM (5.5). Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. Published: 2024-11-11T19:35:21.582Z. Updated: 2024-11-12T01:44:17.324Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-51489 | vulnerable | 2026-06-08 06:52:12.156279 | Insufficient Message Token Validation in Ampache. Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. Published: 2024-11-11T19:37:45.808Z. Updated: 2024-11-12T01:44:27.158Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-51488 | vulnerable | 2026-06-08 06:52:12.155796 | Insufficient Validation in Delete Message in Ampache. Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. Published: 2024-11-11T19:42:29.878Z. Updated: 2024-11-12T01:44:07.126Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-51487 | vulnerable | 2026-06-08 06:52:12.155319 | Insufficient Validation in Catalog (Activation/Deactivation) in Ampache. Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. Published: 2024-11-11T19:43:07.322Z. Updated: 2024-11-12T01:43:48.257Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-51486 | vulnerable | 2026-06-08 06:52:12.154824 | Stored Cross-Site Scripting in Ampache. MEDIUM (5.5). Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. Published: 2024-11-11T19:44:55.279Z. Updated: 2024-11-12T01:43:28.573Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-51485 | vulnerable | 2026-06-08 06:52:12.154439 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-51484 | vulnerable | 2026-06-08 06:52:12.153257 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-47828 | vulnerable | 2026-06-08 06:48:13.325607 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-47184 | vulnerable | 2026-06-08 06:48:11.557386 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-41665 | vulnerable | 2026-06-08 06:43:54.827146 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-28853 | vulnerable | 2026-06-08 06:33:27.734106 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-28852 | vulnerable | 2026-06-08 06:33:27.733683 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-0771 | vulnerable | 2026-06-08 05:52:32.585199 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-0606 | vulnerable | 2026-06-08 05:52:32.058342 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-4665 | vulnerable | 2026-06-08 05:52:00.141886 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-32644 | vulnerable | 2026-06-08 05:32:07.762099 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-21399 | vulnerable | 2026-06-08 05:29:11.818772 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-15153 | vulnerable | 2026-06-08 05:19:25.384989 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-12386 | vulnerable | 2026-06-08 05:12:38.988166 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-12385 | vulnerable | 2026-06-08 05:12:38.987726 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2007-4438 | vulnerable | 2026-06-08 04:49:56.321266 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2007-4437 | vulnerable | 2026-06-08 04:49:56.320853 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |