Lucene search
K

158 matches found

Prion
Prion
added 2018/09/21 4:29 p.m.19 views

Cross site scripting

An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim...

4.3CVSS5.9AI score0.00675EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/09/21 4:29 p.m.5 views

CVE-2018-14689

An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...

6.1CVSS5.7AI score0.00675EPSS
Exploits1References1
Prion
Prion
added 2018/09/21 4:29 p.m.16 views

Cross site scripting

An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a...

4.3CVSS5.8AI score0.00675EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2018/09/21 4:29 p.m.9 views

Cross site scripting

An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim...

4.3CVSS6AI score0.00675EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/09/21 4:29 p.m.6 views

CVE-2018-14688

An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the namex, streamUrlx, homepageUrlx parameters where x is an integer to internetRadioSettings.view that could be used to steal session information of a victim...

6.1CVSS5.7AI score
Exploits0References1
Prion
Prion
added 2018/09/21 4:29 p.m.20 views

Cross site scripting

An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the namex, streamUrlx, homepageUrlx parameters where x is an integer to internetRadioSettings.view that could be used to steal session information of a victim...

4.3CVSS5.9AI score0.00675EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2018/09/21 4:29 p.m.16 views

Cross site scripting

An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...

4.3CVSS5.9AI score0.00675EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/09/21 4:0 p.m.27 views

CVE-2018-14690

An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim...

6AI score0.00675EPSS
Exploits1References1
CVE
CVE
added 2018/09/21 4:0 p.m.39 views

CVE-2018-14690

Subsonic 6.1.1 is affected by two stored cross-site scripting vulnerabilities in the generalSettings.view endpoint (parameters: title and subtitle). The issue can allow an attacker to obtain session information from victims. The CVE entry notes the vulnerability in Subsonic’s generalSettings, but...

6.1CVSS5.9AI score0.00675EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/09/21 4:0 p.m.38 views

CVE-2018-14691

Subsonic 6.1.1 is affected by three stored XSS vulnerabilities in the music-tags feature. The flaws exist in the parameters c0-param2, c0-param3, and c0-param4 of dwr/call/plaincall/tagService.setTags.dwr, allowing an attacker to steal a victim’s session information. Public references in the prov...

6.1CVSS6AI score0.00675EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/09/21 4:0 p.m.17 views

CVE-2018-9282

An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a...

5.9AI score0.00675EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/09/21 4:0 p.m.17 views

CVE-2018-14691

An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim...

6.1AI score0.00675EPSS
Exploits1References1
CVE
CVE
added 2018/09/21 4:0 p.m.61 views

CVE-2018-9282

CVE-2018-9282 concerns a stored XSS vulnerability in Subsonic Media Server 6.1.1. The issue affects the podcast subscription form via the add parameter to podcastReceiverAdmin.view, allowing an attacker to inject JavaScript without needing administrator access. This could be used to manipulate a ...

6.1CVSS5.8AI score0.00675EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/09/21 4:0 p.m.36 views

CVE-2018-14688

CVE-2018-14688 affects Subsonic 6.1.1. Three stored XSS vulnerabilities exist in the radio settings inputs name[x], streamUrl[x], and homepageUrl[x] that are sent to internetRadioSettings.view, enabling an attacker to steal session information. Publicly documented details in CNVD-2018-19874 and C...

6.1CVSS5.9AI score0.00675EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/09/21 4:0 p.m.38 views

CVE-2018-14689

Subsonic 6.1.1 is affected by five stored cross‑site scripting vulnerabilities in transcodingSettings.view parameters (name[x], sourceformats[x], targetFormat[x], step1[x], step2[x]). Impact: potential to steal session information of a victim. Root cause: stored XSS in the transcoding settings. A...

6.1CVSS5.9AI score0.00675EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/09/21 4:0 p.m.20 views

CVE-2018-14688

An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the namex, streamUrlx, homepageUrlx parameters where x is an integer to internetRadioSettings.view that could be used to steal session information of a victim...

6AI score0.00675EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/09/21 4:0 p.m.16 views

CVE-2018-14689

An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...

6AI score0.00675EPSS
Exploits1References1
NVD
NVD
added 2018/09/11 9:29 p.m.15 views

CVE-2018-15898

The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data...

5.9CVSS5.6AI score0.00907EPSS
Exploits0References2
OSV
OSV
added 2018/09/11 9:29 p.m.5 views

CVE-2018-15898

The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data...

5.9CVSS5.8AI score0.00907EPSS
Exploits0References2
Prion
Prion
added 2018/09/11 9:29 p.m.13 views

Design/Logic Flaw

The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data...

4.3CVSS5.6AI score0.00907EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder