Vulnerabilities > Subsonic > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-19 | CVE-2018-20228 | Server-Side Request Forgery (SSRF) vulnerability in Subsonic 6.1.5. Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF. | 6.0 |
2018-09-21 | CVE-2018-9282 | Cross-site Scripting vulnerability in Subsonic 6.1.1. An XSS issue was discovered in Subsonic Media Server 6.1.1. | 4.3 |
2018-09-21 | CVE-2018-14691 | Cross-site Scripting vulnerability in Subsonic 6.1.1. An issue was discovered in Subsonic 6.1.1. | 4.3 |
2018-09-21 | CVE-2018-14690 | Cross-site Scripting vulnerability in Subsonic 6.1.1. An issue was discovered in Subsonic 6.1.1. | 4.3 |
2018-09-21 | CVE-2018-14689 | Cross-site Scripting vulnerability in Subsonic 6.1.1. An issue was discovered in Subsonic 6.1.1. | 4.3 |
2018-09-21 | CVE-2018-14688 | Cross-site Scripting vulnerability in Subsonic 6.1.1. An issue was discovered in Subsonic 6.1.1. | 4.3 |
2018-09-11 | CVE-2018-15898 | Improper Certificate Validation vulnerability in Subsonic Music Streamer 4.4. The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data. | 4.3 |
2018-02-05 | CVE-2017-9414 | Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1. Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view. | 6.8 |
2018-01-23 | CVE-2018-6014 | Information Exposure vulnerability in Subsonic 6.1.3. Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. | 4.3 |
2017-07-25 | CVE-2017-9413 | Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1. Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. | 6.8 |