XML External Entity (XXE) Vulnerability in Subsonic 6.1.1 Import Playlist Feature Allows SSRF Attacks via Crafted XSPF Playlist File
CVE-2017-9355 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
Learn more about our Cis Benchmark Audit For Server Software.