High severity7.4NVD Advisory· Published Jun 7, 2017· Updated May 13, 2026
CVE-2017-9355
CVE-2017-9355
Description
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- hyp3rlinx.altervista.org/advisories/SUBSONIC-XML-EXTERNAL-ENITITY.txtnvdExploitThird Party Advisory
- packetstormsecurity.com/files/142795/Subsonic-6.1.1-XML-External-Entity-Attack.htmlnvdExploitThird Party Advisory
- www.exploit-db.com/exploits/42119/nvd
News mentions
0No linked articles in our index yet.