Lucene search
K

17 matches found

NVD
NVD
added 2018/09/21 4:29 p.m.13 views

CVE-2018-14691

An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim...

6.1CVSS6.1AI score0.00675EPSS
Exploits1References1
NVD
NVD
added 2018/09/21 4:29 p.m.16 views

CVE-2018-14689

An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...

6.1CVSS6AI score0.00675EPSS
Exploits1References1
NVD
NVD
added 2018/09/21 4:29 p.m.18 views

CVE-2018-14688

An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the namex, streamUrlx, homepageUrlx parameters where x is an integer to internetRadioSettings.view that could be used to steal session information of a victim...

6.1CVSS6AI score0.00675EPSS
Exploits1References1
Prion
Prion
added 2018/09/21 4:29 p.m.9 views

Cross site scripting

An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim...

4.3CVSS6AI score0.00675EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2018/09/21 4:29 p.m.16 views

Cross site scripting

An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...

4.3CVSS5.9AI score0.00675EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/09/21 4:0 p.m.16 views

CVE-2018-14689

An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...

6AI score0.00675EPSS
Exploits1References1
Prion
Prion
added 2018/02/05 4:29 p.m.17 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting XSS attacks or possibly have unspecified other impact via the name paramet...

6.8CVSS7.5AI score0.15676EPSS
Exploits5References3Affected Software1
NVD
NVD
added 2018/02/05 4:29 p.m.31 views

CVE-2017-9414

Cross-site request forgery CSRF vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting XSS attacks or possibly have unspecified other impact via the name paramet...

8.8CVSS9.1AI score0.15676EPSS
Exploits5References3
Cvelist
Cvelist
added 2018/02/05 4:0 p.m.26 views

CVE-2017-9414

Cross-site request forgery CSRF vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting XSS attacks or possibly have unspecified other impact via the name paramet...

9.2AI score0.15676EPSS
Exploits5References3
Prion
Prion
added 2017/07/25 6:29 p.m.19 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that 1 subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or 2 update Internet Radio Settings via the...

6.8CVSS7.7AI score0.01776EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2017/07/25 6:0 p.m.29 views

CVE-2017-9413

Multiple cross-site request forgery CSRF vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that 1 subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or 2 update Internet Radio Settings via the...

9.1AI score0.01776EPSS
Exploits5References2
OSV
OSV
added 2017/07/21 2:29 p.m.5 views

CVE-2017-9415

Cross-site request forgery CSRF vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view...

7.5CVSS5.8AI score0.02478EPSS
Exploits5References1
Prion
Prion
added 2017/07/21 2:29 p.m.16 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view...

5.1CVSS7.5AI score0.02478EPSS
Exploits5References1Affected Software1
Cvelist
Cvelist
added 2017/07/21 2:0 p.m.28 views

CVE-2017-9415

Cross-site request forgery CSRF vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view...

7.7AI score0.02478EPSS
Exploits5References1
Prion
Prion
added 2017/06/07 7:29 p.m.11 views

Server side request forgery (ssrf)

XML external entity XXE vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery SSRF attacks via a crafted XSPF playlist file...

4.3CVSS7.1AI score0.26906EPSS
Exploits5References3Affected Software1
0day.today
0day.today
added 2017/06/05 12:0 a.m.76 views

Subsonic 6.1.1 - Server-Side Request Forgery Vulnerability

Exploit for windows platform in category web applications + Credits: John Page a.k.a hyp3rlinx Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media streaming server. You install it on your own computer where you keep your music or video collection...

6.8CVSS8.7AI score0.01776EPSS
Exploits5
Packet Storm
Packet Storm
added 2017/06/03 12:0 a.m.46 views

Subsonic 6.1.1 Server Side Request Forgery

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-CSRF-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: ApparitionSec Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media...

8.9AI score0.01776EPSS
Exploits5
Rows per page
Query Builder