CVEs-PoC/2018/CVE-2018-14691.md at dc3bd6cd71a486f862e7cf4da52fce4cfeb10e52

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-08 22:35:37 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim.

POC

Reference

https://www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/

Github

No PoCs found on GitHub currently.

792 B Raw Blame History

CVE-2018-14691

Description

POC

Reference

Github

792 B

Raw Blame History