Unrated severityNVD Advisory· Published Jan 23, 2018· Updated Aug 5, 2024

CVE-2018-6014

Description

Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to steal user data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Nickl/Subsonicinferred
Range: <=6.1.3
Subsonic/Subsonicllm-fuzzy
Range: = 6.1.3

Patches

Vulnerability mechanics

References

www.vulnerability-lab.com/get_content.phpmitrex_refsource_MISC
www.youtube.com/watchmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000