Skip to main content

Subsonic

10 CVEs product

Monthly

CVE-2018-20228 HIGH POC This Week

Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SSRF Subsonic
NVD
CVSS 3.0
8.0
EPSS
0.4%
CVE-2018-9282 MEDIUM POC This Month

An XSS issue was discovered in Subsonic Media Server 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14691 MEDIUM POC This Month

An issue was discovered in Subsonic 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14690 MEDIUM POC This Month

An issue was discovered in Subsonic 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14689 MEDIUM POC This Month

An issue was discovered in Subsonic 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14688 MEDIUM POC This Month

An issue was discovered in Subsonic 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-6014 MEDIUM POC This Month

Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Subsonic
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2017-9413 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF CSRF Subsonic
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-9415 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

CSRF Subsonic
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-9355 HIGH POC This Week

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Subsonic
NVD Exploit-DB
CVSS 3.0
7.4
EPSS
4.2%
EPSS 0% CVSS 8.0
HIGH POC This Week

Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF SSRF Subsonic
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An XSS issue was discovered in Subsonic Media Server 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Subsonic 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Subsonic 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Subsonic 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Subsonic 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Subsonic
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF CSRF Subsonic
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

CSRF Subsonic
NVD Exploit-DB
EPSS 4% CVSS 7.4
HIGH POC This Week

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Subsonic
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy