SecuritySpace - CVE-2019-12386

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2019-12386

Description: An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker.

Test IDs: 1.3.6.1.4.1.25623.1.0.891988

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2019-12386
https://www.tarlogic.com/en/blog/vulnerabilities-in-ampache/
https://lists.debian.org/debian-lts-announce/2019/11/msg00008.html

CVE ID:	CVE-2019-12386
Description:	An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker.
Test IDs:	1.3.6.1.4.1.25623.1.0.891988
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2019-12386 https://www.tarlogic.com/en/blog/vulnerabilities-in-ampache/ https://lists.debian.org/debian-lts-announce/2019/11/msg00008.html