An issue exists in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the name[x], streamUrl[x], homepageUrl[x] parameters (where x is an integer) to internetRadioSettings.view that could be used to steal session information of a victim.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
subsonic subsonic 6.1.1 |