CVE-2017-9355

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct…

mitre·CWE-918·Published 2017-06-07

CVSS

—

EPSS

0.27

KEV

Exploits

cve.orgen

205 chars

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.

NVDen

205 chars

NVDes

276 chars

La vulnerabilidad de tipo XML external entity (XXE) en la funcionalidad import playlist en Subsonic versión 6.1.1, podría permitir a los atacantes remotos conducir ataques de tipo server-side request forgery (SSRF) por medio de un archivo playlist XSPF especialmente diseñado.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.0	Primary	NVD	7.4	2.8	4.0	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N