CVE-2018-14691
Subsonic 6.1.1 is affected by three stored XSS vulnerabilities in the music-tags feature. The flaws exist in the parameters c0-param2, c0-param3, and c0-param4 of dwr/call/plaincall/tagService.setTags.dwr, allowing an attacker to steal a victim’s session information. Public references in the prov...