CVE-2018-14689

Name of the Vulnerable Software and Affected Versions Subsonic version 6.1.1

Description An issue was discovered that affects the transcoding settings, where five stored cross-site scripting vulnerabilities exist in the name[x], sourceformats[x], targetFormat[x], step1[x], and step2[x] parameters. These vulnerabilities could be used to steal session information of a victim.

Recommendations For Subsonic version 6.1.1, avoid using the vulnerable parameters name[x], sourceformats[x], targetFormat[x], step1[x], and step2[x] in the transcodingSettings.view until a fix is available. As a temporary workaround, consider restricting access to the transcoding settings to minimize the risk of exploitation.