Approved changes feed: RSS · Atom

cpe:2.3:a:ampache:ampache:4.4.2:*:*:*:*:*:*:*

part: a version: 4.4.2 update: *

VendorAmpache (88d8c45b-5779-544d-8d14-751e5b71c268)
ProductAmpache (35a70192-fdb3-527e-924f-f2f51aded1ff)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:docker/ampache/ampache purl2cpe 2026-06-01 10:12:40.639638
pkg:github/ampache/ampache purl2cpe 2026-06-01 10:12:40.639640

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2021-32644 vulnerable 2026-06-08 05:32:07.763260 Cross-site Scripting in Random.php
MEDIUM (6.4)
Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. This issue has been resolved in 4.4.3.
Published: 2021-06-22T17:45:11.000Z
Updated: 2024-08-03T23:25:31.026Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.