Vulmon
subsonic vulnerabilities and exploits
8.6
CVSSv3
CVE-2023-51442
Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON We...
Navidrome Navidrome
7.5
CVSSv3
CVE-2021-21399
Ampache is a web based audio/video streaming application and file manager. Versions before 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For mor...
Ampache Ampache
8
CVSSv3
CVE-2018-20228
Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.
Subsonic Subsonic 6.1.5
6.1
CVSSv3
CVE-2018-14691
An issue exists in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victi...
Subsonic Subsonic 6.1.1
6.1
CVSSv3
CVE-2018-14689
An issue exists in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the name[x], sourceformats[x], targetFormat[x], step1[x], and step2[x] parameters (where x is an integer) to transcodingSettings.view that could be used...
Subsonic Subsonic 6.1.1
6.1
CVSSv3
CVE-2018-14690
An issue exists in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim.
Subsonic Subsonic 6.1.1
6.1
CVSSv3
CVE-2018-9282
An XSS issue exists in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipu...
Subsonic Subsonic 6.1.1
6.1
CVSSv3
CVE-2018-14688
An issue exists in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the name[x], streamUrl[x], homepageUrl[x] parameters (where x is an integer) to internetRadioSettings.view that could be used to steal session information of...
Subsonic Subsonic 6.1.1
5.9
CVSSv3
CVE-2018-15898
The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle malicious users to obtain interaction data.
Subsonic Music Streamer 4.4
5.9
CVSSv3
CVE-2018-1000664
daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in Any non-CA signed server certificate, including self signed and expired, are accepted by the client. This attack appea...
Dsub For Subsonic Project Dsub For Subsonic 5.4.1