Lucene search
K

158 matches found

OSV
OSV
added 2018/12/19 11:29 a.m.7 views

CVE-2018-20228

Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF...

8CVSS5.8AI score0.0042EPSS
Exploits3References1
Prion
Prion
added 2018/12/19 11:29 a.m.12 views

Design/Logic Flaw

Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF...

6CVSS7.8AI score0.0042EPSS
Exploits3References1Affected Software1
Cvelist
Cvelist
added 2018/12/19 11:0 a.m.23 views

CVE-2018-20228

Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF...

7.9AI score0.0042EPSS
Exploits3References1
CVE
CVE
added 2018/12/19 11:0 a.m.46 views

CVE-2018-20228

CVE-2018-20228 concerns Subsonic V6.1.5 where an issue in internetRadioSettings.view streamUrl enables CSRF, enabling Server-Side Request Forgery (SSRF). Public description confirms the vulnerability affecting Subsonic 6.1.5 and identifies CSRF and SSRF as the outcomes. NVD data lists CVSS scores...

8CVSS7.8AI score0.0042EPSS
Exploits3References1Affected Software1
Vulnerability Lab
Vulnerability Lab
added 2018/12/17 12:0 a.m.507 views

Subsonic v6.1.5 - Server Side Request Forgery & CSRF

Document Title: =============== Subsonic v6.1.5 - Server Side Request Forgery & CSRF References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2175 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20228 CVE-ID: ======= CVE-2018-20228 Release Date:...

6CVSS0.1AI score0.0042EPSS
Exploits3
CNVD
CNVD
added 2018/12/17 12:0 a.m.3 views

Subsonic Server-Side Request Forgery Vulnerability

Subsonic is a media file hosting platform. A request forgery vulnerability exists on the server side of Subsonic. The vulnerability is located in the "internetRadioSettings.view" module and in the "streamUrl" parameter of the localhost path URL. This could allow a remote attacker to hijack the...

7.1AI score
Exploits0References1
Vulnerability Lab
Vulnerability Lab
added 2018/12/17 12:0 a.m.45 views

Subsonic v6.1.5 - Server Side Request Forgery & CSRF

Document Title: =============== Subsonic v6.1.5 - Server Side Request Forgery & CSRF References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2175 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20228 CVE-ID: ======= CVE-2018-20228 Release Date:...

8CVSS0.1AI score0.0042EPSS
Exploits3
CNVD
CNVD
added 2018/09/26 12:0 a.m.4 views

Subsonic Media Server Cross-Site Scripting Vulnerability

Subsonic Media Server is a media file hosting platform. A cross-site scripting vulnerability in the podcast subscription form in Subsonic Media Server version 6.1.1 can be exploited by a remote attacker by sending the 'add' parameter to the podcastReceiverAdmin.view file to manipulate a user's...

6.1CVSS6.1AI score0.00675EPSS
Exploits1References1
CNVD
CNVD
added 2018/09/26 12:0 a.m.5 views

Subsonic cross-site scripting vulnerability (CNVD-2018-19874)

Subsonic is a media file hosting platform. The 'namex', 'streamUrlx', and 'homepageUrlx' in the Subsonic version 6.1.1 A cross-site scripting vulnerability exists in the 'namex', 'streamUrlx', and 'homepageUrlx' parameters, which can be exploited by a remote attacker by sending 'namex',...

6.1CVSS6.2AI score0.00675EPSS
Exploits1References1
CNVD
CNVD
added 2018/09/25 12:0 a.m.6 views

Subsonic Cross-Site Scripting Vulnerability

Subsonic is a media file hosting platform developed and maintained by software developer Sindre Mehus. The 'c0-param2', 'c0-param3', and 'c0-param3' parameters in Subsonic version 6.1.1 suffer from a cross-site Scripting vulnerability. A remote attacker can send 'c0-param2', 'c0-param3', and...

6.1CVSS6.2AI score0.00675EPSS
Exploits1References1
CNVD
CNVD
added 2018/09/25 12:0 a.m.7 views

Subsonic cross-site scripting vulnerability (CNVD-2018-20097)

Subsonic is a media file hosting platform developed and maintained by software developer Sindre Mehus. A cross-site scripting vulnerability exists in generalSettings in Subsonic version 6.1.1. A remote attacker can exploit this vulnerability by sending the 'title' and 'subtitle' parameters to the...

6.1CVSS6.2AI score0.00675EPSS
Exploits1References1
CNVD
CNVD
added 2018/09/25 12:0 a.m.4 views

Subsonic cross-site scripting vulnerability (CNVD-2018-20096)

Subsonic is a media file hosting platform developed and maintained by software developer Sindre Mehus. A cross-site scripting vulnerability exists in the settings of the translation code in Subsonic version 6.1.1. A remote attacker can exploit the vulnerability by sending multiple parameters to t...

6.1CVSS6.2AI score0.00675EPSS
Exploits1References1
NVD
NVD
added 2018/09/21 4:29 p.m.15 views

CVE-2018-14690

An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim...

6.1CVSS6AI score0.00675EPSS
Exploits1References1
NVD
NVD
added 2018/09/21 4:29 p.m.16 views

CVE-2018-9282

An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a...

6.1CVSS5.9AI score0.00675EPSS
Exploits1References1
OSV
OSV
added 2018/09/21 4:29 p.m.3 views

CVE-2018-14690

An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim...

6.1CVSS5.7AI score0.00675EPSS
Exploits1References1
OSV
OSV
added 2018/09/21 4:29 p.m.4 views

CVE-2018-9282

An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a...

6.1CVSS5.8AI score0.00675EPSS
Exploits1References1
OSV
OSV
added 2018/09/21 4:29 p.m.2 views

CVE-2018-14691

An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim...

6.1CVSS5.7AI score0.00675EPSS
Exploits1References1
NVD
NVD
added 2018/09/21 4:29 p.m.13 views

CVE-2018-14691

An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim...

6.1CVSS6.1AI score0.00675EPSS
Exploits1References1
NVD
NVD
added 2018/09/21 4:29 p.m.16 views

CVE-2018-14689

An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...

6.1CVSS6AI score0.00675EPSS
Exploits1References1
NVD
NVD
added 2018/09/21 4:29 p.m.19 views

CVE-2018-14688

An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the namex, streamUrlx, homepageUrlx parameters where x is an integer to internetRadioSettings.view that could be used to steal session information of a victim...

6.1CVSS6AI score0.00675EPSS
Exploits1References1
Rows per page
Query Builder