Vulnerabilities > Subsonic > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-21 | CVE-2018-9282 | Cross-site Scripting vulnerability in Subsonic 6.1.1 An XSS issue was discovered in Subsonic Media Server 6.1.1. | 6.1 |
| 2018-09-21 | CVE-2018-14691 | Cross-site Scripting vulnerability in Subsonic 6.1.1 An issue was discovered in Subsonic 6.1.1. | 6.1 |
| 2018-09-21 | CVE-2018-14690 | Cross-site Scripting vulnerability in Subsonic 6.1.1 An issue was discovered in Subsonic 6.1.1. | 6.1 |
| 2018-09-21 | CVE-2018-14689 | Cross-site Scripting vulnerability in Subsonic 6.1.1 An issue was discovered in Subsonic 6.1.1. | 6.1 |
| 2018-09-21 | CVE-2018-14688 | Cross-site Scripting vulnerability in Subsonic 6.1.1 An issue was discovered in Subsonic 6.1.1. | 6.1 |
| 2018-09-11 | CVE-2018-15898 | Improper Certificate Validation vulnerability in Subsonic Music Streamer 4.4 The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data. | 5.9 |
| 2018-01-23 | CVE-2018-6014 | Information Exposure vulnerability in Subsonic 6.1.3 Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. | 6.5 |