158 matches found
CVE-2018-20228
Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF...
Design/Logic Flaw
Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF...
CVE-2018-20228
Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF...
CVE-2018-20228
CVE-2018-20228 concerns Subsonic V6.1.5 where an issue in internetRadioSettings.view streamUrl enables CSRF, enabling Server-Side Request Forgery (SSRF). Public description confirms the vulnerability affecting Subsonic 6.1.5 and identifies CSRF and SSRF as the outcomes. NVD data lists CVSS scores...
Subsonic v6.1.5 - Server Side Request Forgery & CSRF
Document Title: =============== Subsonic v6.1.5 - Server Side Request Forgery & CSRF References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2175 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20228 CVE-ID: ======= CVE-2018-20228 Release Date:...
Subsonic Server-Side Request Forgery Vulnerability
Subsonic is a media file hosting platform. A request forgery vulnerability exists on the server side of Subsonic. The vulnerability is located in the "internetRadioSettings.view" module and in the "streamUrl" parameter of the localhost path URL. This could allow a remote attacker to hijack the...
Subsonic v6.1.5 - Server Side Request Forgery & CSRF
Document Title: =============== Subsonic v6.1.5 - Server Side Request Forgery & CSRF References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2175 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20228 CVE-ID: ======= CVE-2018-20228 Release Date:...
Subsonic Media Server Cross-Site Scripting Vulnerability
Subsonic Media Server is a media file hosting platform. A cross-site scripting vulnerability in the podcast subscription form in Subsonic Media Server version 6.1.1 can be exploited by a remote attacker by sending the 'add' parameter to the podcastReceiverAdmin.view file to manipulate a user's...
Subsonic cross-site scripting vulnerability (CNVD-2018-19874)
Subsonic is a media file hosting platform. The 'namex', 'streamUrlx', and 'homepageUrlx' in the Subsonic version 6.1.1 A cross-site scripting vulnerability exists in the 'namex', 'streamUrlx', and 'homepageUrlx' parameters, which can be exploited by a remote attacker by sending 'namex',...
Subsonic Cross-Site Scripting Vulnerability
Subsonic is a media file hosting platform developed and maintained by software developer Sindre Mehus. The 'c0-param2', 'c0-param3', and 'c0-param3' parameters in Subsonic version 6.1.1 suffer from a cross-site Scripting vulnerability. A remote attacker can send 'c0-param2', 'c0-param3', and...
Subsonic cross-site scripting vulnerability (CNVD-2018-20097)
Subsonic is a media file hosting platform developed and maintained by software developer Sindre Mehus. A cross-site scripting vulnerability exists in generalSettings in Subsonic version 6.1.1. A remote attacker can exploit this vulnerability by sending the 'title' and 'subtitle' parameters to the...
Subsonic cross-site scripting vulnerability (CNVD-2018-20096)
Subsonic is a media file hosting platform developed and maintained by software developer Sindre Mehus. A cross-site scripting vulnerability exists in the settings of the translation code in Subsonic version 6.1.1. A remote attacker can exploit the vulnerability by sending multiple parameters to t...
CVE-2018-14690
An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim...
CVE-2018-9282
An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a...
CVE-2018-14690
An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim...
CVE-2018-9282
An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a...
CVE-2018-14691
An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim...
CVE-2018-14691
An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim...
CVE-2018-14689
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...
CVE-2018-14688
An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the namex, streamUrlx, homepageUrlx parameters where x is an integer to internetRadioSettings.view that could be used to steal session information of a victim...