Subsonic : Security Vulnerabilities, CVEs, Published In 2018 (CSRF)
Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.
Max CVSS: 8.0 | EPSS Score: 0.08% | Published: 2018-12-19 | Updated: 2019-01-24
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view.
Max CVSS: 8.8 | EPSS Score: 35.92% | Published: 2018-02-05 | Updated: 2018-02-23
2 vulnerabilities found