158 matches found
Cross site scripting
An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim...
CVE-2018-14689
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...
Cross site scripting
An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a...
Cross site scripting
An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim...
CVE-2018-14688
An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the namex, streamUrlx, homepageUrlx parameters where x is an integer to internetRadioSettings.view that could be used to steal session information of a victim...
Cross site scripting
An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the namex, streamUrlx, homepageUrlx parameters where x is an integer to internetRadioSettings.view that could be used to steal session information of a victim...
Cross site scripting
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...
CVE-2018-14690
An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim...
CVE-2018-14690
Subsonic 6.1.1 is affected by two stored cross-site scripting vulnerabilities in the generalSettings.view endpoint (parameters: title and subtitle). The issue can allow an attacker to obtain session information from victims. The CVE entry notes the vulnerability in Subsonic’s generalSettings, but...
CVE-2018-14691
Subsonic 6.1.1 is affected by three stored XSS vulnerabilities in the music-tags feature. The flaws exist in the parameters c0-param2, c0-param3, and c0-param4 of dwr/call/plaincall/tagService.setTags.dwr, allowing an attacker to steal a victim’s session information. Public references in the prov...
CVE-2018-9282
An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a...
CVE-2018-14691
An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim...
CVE-2018-9282
CVE-2018-9282 concerns a stored XSS vulnerability in Subsonic Media Server 6.1.1. The issue affects the podcast subscription form via the add parameter to podcastReceiverAdmin.view, allowing an attacker to inject JavaScript without needing administrator access. This could be used to manipulate a ...
CVE-2018-14688
CVE-2018-14688 affects Subsonic 6.1.1. Three stored XSS vulnerabilities exist in the radio settings inputs name[x], streamUrl[x], and homepageUrl[x] that are sent to internetRadioSettings.view, enabling an attacker to steal session information. Publicly documented details in CNVD-2018-19874 and C...
CVE-2018-14689
Subsonic 6.1.1 is affected by five stored cross‑site scripting vulnerabilities in transcodingSettings.view parameters (name[x], sourceformats[x], targetFormat[x], step1[x], step2[x]). Impact: potential to steal session information of a victim. Root cause: stored XSS in the transcoding settings. A...
CVE-2018-14688
An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the namex, streamUrlx, homepageUrlx parameters where x is an integer to internetRadioSettings.view that could be used to steal session information of a victim...
CVE-2018-14689
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...
CVE-2018-15898
The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data...
CVE-2018-15898
The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data...
Design/Logic Flaw
The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data...