Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the name[x], sourceformats[x], targetFormat[x], step1[x], and step2[x] parameters (where x is an integer) to transcodingSettings.view that could be used to steal session information of a victim.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Subsonic 跨站脚本漏洞
Vulnerability Description
Subsonic是软件开发者Sindre Mehus开发和维护的一个媒体文件托管平台。 Subsonic 6.1.1版本中转换代码的设置存在跨站脚本漏洞。远程攻击者可通过向transcodingSettings.view文件发送多个参数利用该漏洞注入代码,窃取用户会话信息。(多个参数包括:‘name[x]’、‘sourceformats[x]’、‘targetFormat[x]’、‘step1[x]’和‘step2[x]’)
CVSS Information
N/A
Vulnerability Type
N/A