
| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2018-09-21 | CVE-2018-9282 | Cross-site Scripting vulnerability in Subsonic 6.1.1 | An XSS issue was discovered in Subsonic Media Server 6.1.1. | network; subsonic; CWE-79 | 4.3 |
| 2018-09-21 | CVE-2018-14691 | Cross-site Scripting vulnerability in Subsonic 6.1.1 | An issue was discovered in Subsonic 6.1.1. | network; subsonic; CWE-79 | 4.3 |
| 2018-09-21 | CVE-2018-14690 | Cross-site Scripting vulnerability in Subsonic 6.1.1 | An issue was discovered in Subsonic 6.1.1. | network; subsonic; CWE-79 | 4.3 |
| 2018-09-21 | CVE-2018-14689 | Cross-site Scripting vulnerability in Subsonic 6.1.1 | An issue was discovered in Subsonic 6.1.1. | network; subsonic; CWE-79 | 4.3 |
| 2018-09-21 | CVE-2018-14688 | Cross-site Scripting vulnerability in Subsonic 6.1.1 | An issue was discovered in Subsonic 6.1.1. | network; subsonic; CWE-79 | 4.3 |
| 2018-02-05 | CVE-2017-9414 | Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1 | Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view. | network; subsonic; CWE-352 | 6.8 |
| 2017-07-25 | CVE-2017-9413 | Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. | network; subsonic; CWE-352 | 6.8 |
| 2017-07-21 | CVE-2017-9415 | Cross-Site Request Forgery (CSRF) vulnerability in Subsonic 6.1.1 | Cross-site request forgery (CSRF) vulnerability in Subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view. | network; high complexity; subsonic; CWE-352 | 5.1 |
| 2017-06-07 | CVE-2017-9355 | Server-Side Request Forgery (SSRF) vulnerability in Subsonic 6.1.1 | XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file. | network; subsonic; CWE-918 | 4.3 |