CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-9355

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.159

EPSS Ranking 94.4%

CVSS Severity

CVSS v3 Score 7.4

CVSS v2 Score 4.3

References

http://hyp3rlinx.altervista.org/advisories/SUBSONIC-XML-EXTERNAL-ENITITY.txt
http://packetstormsecurity.com/files/142795/Subsonic-6.1.1-XML-External-Entity-Attack.html
https://www.exploit-db.com/exploits/42119/
http://hyp3rlinx.altervista.org/advisories/SUBSONIC-XML-EXTERNAL-ENITITY.txt
http://packetstormsecurity.com/files/142795/Subsonic-6.1.1-XML-External-Entity-Attack.html
https://www.exploit-db.com/exploits/42119/

Products affected by CVE-2017-9355

Subsonic » Subsonic » Version: 6.1.1

cpe:2.3:a:subsonic:subsonic:6.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-9355

Products

Pricing

Contact Us