Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Subsonic 跨站请求伪造漏洞
Vulnerability Description
Subsonic是软件开发者Sindre Mehus开发和维护的一个媒体文件托管平台。 Subsonic 6.1.1版本中的Subscribe to Podcast功能存在跨站请求伪造漏洞。远程攻击者可通过向playerSettings.view文件发送‘name’参数利用该漏洞劫持用户的身份,实施跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A