Vulnerabilities > Subsonic

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-19	CVE-2018-20228	Server-Side Request Forgery (SSRF) vulnerability in Subsonic 6.1.5 Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF. network subsonic CWE-918	6.0
2018-09-21	CVE-2018-9282	Cross-site Scripting vulnerability in Subsonic 6.1.1 An XSS issue was discovered in Subsonic Media Server 6.1.1. network subsonic CWE-79	4.3
2018-09-21	CVE-2018-14691	Cross-site Scripting vulnerability in Subsonic 6.1.1 An issue was discovered in Subsonic 6.1.1. network subsonic CWE-79	4.3
2018-09-21	CVE-2018-14690	Cross-site Scripting vulnerability in Subsonic 6.1.1 An issue was discovered in Subsonic 6.1.1. network subsonic CWE-79	4.3
2018-09-21	CVE-2018-14689	Cross-site Scripting vulnerability in Subsonic 6.1.1 An issue was discovered in Subsonic 6.1.1. network subsonic CWE-79	4.3
2018-09-21	CVE-2018-14688	Cross-site Scripting vulnerability in Subsonic 6.1.1 An issue was discovered in Subsonic 6.1.1. network subsonic CWE-79	4.3
2018-09-11	CVE-2018-15898	Improper Certificate Validation vulnerability in Subsonic Music Streamer 4.4 The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data. network subsonic CWE-295	4.3
2018-02-05	CVE-2017-9414	Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1 Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view. network subsonic CWE-352	6.8
2018-01-23	CVE-2018-6014	Information Exposure vulnerability in Subsonic 6.1.3 Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. network subsonic CWE-200	4.3
2017-07-25	CVE-2017-9413	Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1 Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. network subsonic CWE-352	6.8

Vulnerabilities > Subsonic {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Subsonic"}]}

Vulnerabilities > Subsonic