CVE-2018-14690
Subsonic 6.1.1 is affected by two stored cross-site scripting vulnerabilities in the generalSettings.view endpoint (parameters: title and subtitle). The issue can allow an attacker to obtain session information from victims. The CVE entry notes the vulnerability in Subsonic’s generalSettings, but...