PacketVideo Twonky Server 4.4.17/5.0.65 - Cross-Site Scripting and HTML Injection Vulnerabilities

ID EDB-ID:34372
Type exploitdb
Reporter Davide Canali
Modified 2009-11-01T00:00:00


PacketVideo Twonky Server 4.4.17/5.0.65 Cross Site Scripting and HTML Injection Vulnerabilities. Remote exploits for multiple platform


Twonky Server is prone to a cross-site scripting vulnerability and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code could run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Versions prior to Twonky Server 4.4.18, 5.0.66, and 5.1 are vulnerable.<script type="text/javascript"src=""; ></script>