CVE-2018-14690

Name of the Vulnerable Software and Affected Versions Subsonic version 6.1.1

Description An issue was discovered that affects the general settings, specifically two stored cross-site scripting vulnerabilities in the title and subtitle parameters to the "generalSettings.view" endpoint. These vulnerabilities could be used to steal session information of a victim.

Recommendations For Subsonic version 6.1.1, avoid using the title and subtitle parameters in the generalSettings.view endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the general settings page to minimize the risk of exploitation.