Vulnerabilities > Subsonic

DATE CVE VULNERABILITY TITLE RISK
2017-07-21 CVE-2017-9415 Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.
network
high complexity
subsonic CWE-352
7.5
2017-06-07 CVE-2017-9355 Server-Side Request Forgery (SSRF) vulnerability in Subsonic 6.1.1
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
network
low complexity
subsonic CWE-918
7.4