17 matches found
CVE-2018-14691
An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim...
CVE-2018-14689
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...
CVE-2018-14688
An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the namex, streamUrlx, homepageUrlx parameters where x is an integer to internetRadioSettings.view that could be used to steal session information of a victim...
Cross site scripting
An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim...
Cross site scripting
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...
CVE-2018-14689
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting XSS attacks or possibly have unspecified other impact via the name paramet...
CVE-2017-9414
Cross-site request forgery CSRF vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting XSS attacks or possibly have unspecified other impact via the name paramet...
CVE-2017-9414
Cross-site request forgery CSRF vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting XSS attacks or possibly have unspecified other impact via the name paramet...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that 1 subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or 2 update Internet Radio Settings via the...
CVE-2017-9413
Multiple cross-site request forgery CSRF vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that 1 subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or 2 update Internet Radio Settings via the...
CVE-2017-9415
Cross-site request forgery CSRF vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view...
CVE-2017-9415
Cross-site request forgery CSRF vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view...
Server side request forgery (ssrf)
XML external entity XXE vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery SSRF attacks via a crafted XSPF playlist file...
Subsonic 6.1.1 - Server-Side Request Forgery Vulnerability
Exploit for windows platform in category web applications + Credits: John Page a.k.a hyp3rlinx Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media streaming server. You install it on your own computer where you keep your music or video collection...
Subsonic 6.1.1 Server Side Request Forgery
Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-CSRF-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: ApparitionSec Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media...