4 matches found
EUVD-2009-0152
Malware in sbrugna...
EUVD-2018-20876
Malware in sbrugna...
Cross site scripting
An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a...
CVE-2017-9414
Cross-site request forgery CSRF vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting XSS attacks or possibly have unspecified other impact via the name paramet...