{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T11:42:23.089","vulnerabilities":[{"cve":{"id":"CVE-2017-9415","sourceIdentifier":"cve@mitre.org","published":"2017-07-21T14:29:01.007","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view."},{"lang":"es","value":"Una vulnerabilidad de tipo Cross-site request forgery (CSRF) en subsonic versión 6.1.1, permite a los atacantes remotos con conocimiento del nombre de usuario de destino secuestrar la autenticación de los usuarios para peticiones que cambian las contraseñas por medio de una petición creada en el archivo userSettings.view."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P","baseScore":5.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:subsonic:subsonic:6.1.1:*:*:*:*:*:*:*","matchCriteriaId":"0D1EA39E-CFA6-4FCA-93A2-BA6938702E6B"}]}]}],"references":[{"url":"https://www.exploit-db.com/exploits/42117/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/42117/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}}]}