An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-09-21T16:00:00

Updated: 2024-08-05T09:38:13.144Z

Reserved: 2018-07-28T00:00:00

Link: CVE-2018-14691

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-09-21T16:29:01.140

Modified: 2024-11-21T03:49:35.980

Link: CVE-2018-14691

cve-icon Redhat

No data.