CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-9415

Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 73.6%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.1

References

https://www.exploit-db.com/exploits/42117/
https://www.exploit-db.com/exploits/42117/

Products affected by CVE-2017-9415

Subsonic » Subsonic » Version: 6.1.1

cpe:2.3:a:subsonic:subsonic:6.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-9415

Products

Pricing

Contact Us