{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T12:17:23.951","vulnerabilities":[{"cve":{"id":"CVE-2024-28852","sourceIdentifier":"security-advisories@github.com","published":"2024-03-27T14:15:10.340","lastModified":"2026-06-17T07:21:53.583","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities,this means that all forms in the Ampache that use `rule` as a variable are not secure. For example, when querying a song, when querying a podcast, we need to use `$rule` variable. This vulnerability is fixed in 6.3.1\n"},{"lang":"es","value":"Ampache es una aplicación de transmisión de audio/vídeo y un administrador de archivos basado en web. Ampache tiene múltiples vulnerabilidades XSS reflectantes, lo que significa que todos los formularios en Ampache que usan \"regla\" como variable no son seguros. Por ejemplo, al consultar una canción, al consultar un podcast, necesitamos usar la variable `$rule`. Esta vulnerabilidad se solucionó en 6.3.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ampache","product":"ampache","versions":[{"version":"< 6.3.1","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"ampache","product":"ampache","defaultStatus":"unknown","cpes":["cpe:2.3:a:ampache:ampache:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThan":"6.3.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-03-27T19:23:59.537407Z","id":"CVE-2024-28852","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ampache:ampache:*:*:*:*:*:*:*:*","versionEndExcluding":"6.3.1","matchCriteriaId":"A9E60433-868B-4354-93F8-C418983B189A"}]}]}],"references":[{"url":"https://github.com/ampache/ampache/blob/bcaa9a4624acf8c8cc4c135be77b846731fb1ba2/src/Repository/Model/Search.php#L1732-L1740","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/ampache/ampache/security/advisories/GHSA-g7hx-hm68-f639","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/ampache/ampache/blob/bcaa9a4624acf8c8cc4c135be77b846731fb1ba2/src/Repository/Model/Search.php#L1732-L1740","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://github.com/ampache/ampache/security/advisories/GHSA-g7hx-hm68-f639","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}