Vulmon
subsonic subsonic 6.1.1 vulnerabilities and exploits
6.1
CVSSv3
CVE-2018-14691
An issue exists in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victi...
Subsonic Subsonic 6.1.1
6.1
CVSSv3
CVE-2018-9282
An XSS issue exists in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipu...
Subsonic Subsonic 6.1.1
8.8
CVSSv3
CVE-2017-9413
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote malicious users to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Int...
Subsonic Subsonic 6.1.1
1 EDB exploit
8.8
CVSSv3
CVE-2017-9414
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote malicious users to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other ...
Subsonic Subsonic 6.1.1
1 EDB exploit
6.1
CVSSv3
CVE-2018-14688
An issue exists in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the name[x], streamUrl[x], homepageUrl[x] parameters (where x is an integer) to internetRadioSettings.view that could be used to steal session information of...
Subsonic Subsonic 6.1.1
6.1
CVSSv3
CVE-2018-14689
An issue exists in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the name[x], sourceformats[x], targetFormat[x], step1[x], and step2[x] parameters (where x is an integer) to transcodingSettings.view that could be used...
Subsonic Subsonic 6.1.1
6.1
CVSSv3
CVE-2018-14690
An issue exists in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim.
Subsonic Subsonic 6.1.1
7.5
CVSSv3
CVE-2017-9415
Cross-site request forgery (CSRF) vulnerability in Subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.
Subsonic Subsonic 6.1.1
1 EDB exploit
7.4
CVSSv3
CVE-2017-9355
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote malicious users to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
Subsonic Subsonic 6.1.1
1 EDB exploit