Vulnerabilities > Subsonic

DATE CVE VULNERABILITY TITLE RISK
2018-12-19 CVE-2018-20228 Server-Side Request Forgery (SSRF) vulnerability in Subsonic 6.1.5
Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.
network
low complexity
subsonic CWE-918
8.0
2018-09-21 CVE-2018-9282 Cross-site Scripting vulnerability in Subsonic 6.1.1
An XSS issue was discovered in Subsonic Media Server 6.1.1.
network
low complexity
subsonic CWE-79
6.1
2018-09-21 CVE-2018-14691 Cross-site Scripting vulnerability in Subsonic 6.1.1
An issue was discovered in Subsonic 6.1.1.
network
low complexity
subsonic CWE-79
6.1
2018-09-21 CVE-2018-14690 Cross-site Scripting vulnerability in Subsonic 6.1.1
An issue was discovered in Subsonic 6.1.1.
network
low complexity
subsonic CWE-79
6.1
2018-09-21 CVE-2018-14689 Cross-site Scripting vulnerability in Subsonic 6.1.1
An issue was discovered in Subsonic 6.1.1.
network
low complexity
subsonic CWE-79
6.1
2018-09-21 CVE-2018-14688 Cross-site Scripting vulnerability in Subsonic 6.1.1
An issue was discovered in Subsonic 6.1.1.
network
low complexity
subsonic CWE-79
6.1
2018-09-11 CVE-2018-15898 Improper Certificate Validation vulnerability in Subsonic Music Streamer 4.4
The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data.
network
high complexity
subsonic CWE-295
5.9
2018-02-05 CVE-2017-9414 Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view.
network
low complexity
subsonic CWE-352
8.8
2018-01-23 CVE-2018-6014 Information Exposure vulnerability in Subsonic 6.1.3
Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request.
network
low complexity
subsonic CWE-200
6.5
2017-07-25 CVE-2017-9413 Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view.
network
low complexity
subsonic CWE-352
8.8