High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-19	CVE-2018-20228	Server-Side Request Forgery (SSRF) vulnerability in Subsonic 6.1.5 Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF. network low complexity subsonic CWE-918	8.0
2018-02-05	CVE-2017-9414	Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1 Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view. network low complexity subsonic CWE-352	8.8
2017-07-25	CVE-2017-9413	Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1 Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. network low complexity subsonic CWE-352	8.8
2017-07-21	CVE-2017-9415	Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1 Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view. network high complexity subsonic CWE-352	7.5
2017-06-07	CVE-2017-9355	Server-Side Request Forgery (SSRF) vulnerability in Subsonic 6.1.1 XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file. network low complexity subsonic CWE-918	7.4