Lucene search

[email protected]CVE-2017-16568

HistoryNov 10, 2017 - 2:29 a.m.

CVE-2017-16568

2017-11-1002:29:18

CWE-79

[email protected]

web.nvd.nist.gov

cve-2017-16568

xss

logitech media server

remote attackers

injection

web script

html

radio url

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

37.0%

JSON

Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL.

Affected configurations

NVD

Node

logitechmedia_serverMatch7.9.0

CPENameOperatorVersion
logitech:media_serverlogitech media servereq7.9.0

CPE	Name	Operator	Version
logitech:media_server	logitech media server	eq	7.9.0

References

www.exploit-db.com/exploits/43123/

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

37.0%

JSON

Related for CVE-2017-16568

zdt1 cvelist1 nvd1 prion1 packetstorm1 openvas1