Unrated severityNVD Advisory· Published Sep 21, 2018· Updated Aug 5, 2024

CVE-2018-14691

Description

An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim.

Affected products

Sube/Subsonicinferred
Range: = 6.1.1
Subsonic/Subsonicllm-fuzzy
Range: =6.1.1

Patches

Vulnerability mechanics

References

www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000