XML External Entity (XXE) Vulnerability in Subsonic 6.1.1 Import Playlist Feature Allows SSRF Attacks via Crafted XSPF Playlist File

XML External Entity (XXE) Vulnerability in Subsonic 6.1.1 Import Playlist Feature Allows SSRF Attacks via Crafted XSPF Playlist File

CVE-2017-9355 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.

Learn more about our Cis Benchmark Audit For Server Software.