CVE-2017-9415

2017-07-21T14:29:00
ID CVE-2017-9415
Type cve
Reporter cve@mitre.org
Modified 2017-07-25T18:12:00

Description

Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.