An issue exists in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
subsonic subsonic 6.1.1 |