{"id":"CVE-2023-0606","summary":"Cross-site Scripting (XSS) - Reflected in ampache/ampache","details":"Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache prior to 5.5.7.","modified":"2026-04-02T08:34:24.466361Z","published":"2023-02-01T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/0xxx/CVE-2023-0606.json","cwe_ids":["CWE-79"],"cna_assigner":"@huntrdev"},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/0bfed46d-ac96-43c4-93fb-13f68b4e711b"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/0xxx/CVE-2023-0606.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0606"},{"type":"FIX","url":"https://github.com/ampache/ampache/commit/d3191503ca856dfe0b33d7cb17717ffd480046cb"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ampache/ampache","events":[{"introduced":"0"},{"fixed":"39f0eb4ad1fcefad5bc19e6320287654717e7a1e"}]}],"versions":["3.5.1","3.5.2","3.5.3","3.5.4","3.6-alpha1","3.6-alpha2","3.6-alpha3","3.6-alpha4","3.6-alpha5","3.6-alpha6","3.7.0","3.8.0","3.8.0-beta1","3.8.0-beta2","3.8.1","3.8.1-beta1","3.8.1-beta2","3.8.2","3.8.3","3.8.4","3.8.5","3.8.6","3.8.7","3.8.8","3.8.9","3.9.0","4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.1.0","4.1.1","4.2.0","4.2.1","4.2.2","4.2.3","4.2.4","4.2.5","4.2.6","4.3.0","4.4.0","4.4.1","4.4.2","4.4.3","5.0.0","5.0.0-pre-release","5.0.0-pre-release1","5.0.0-pre-release2","5.0.0-pre-release3","5.0.0-preview1","5.1.0","5.1.1","5.2.0","5.2.1","5.3.0","5.3.1","5.3.2","5.3.3","5.4.0","5.4.1","5.5.0","5.5.1","5.5.2","5.5.3","5.5.4","5.5.5","5.5.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0606.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}]}