Lucene search
Thiago SenaEXPLOITPACK:4B2C30D688B9069395F846B2C680F4E6HistoryOct 12, 2017 - 12:00 a.m.
Dreambox Plugin BouquetEditor - Cross-Site Scripting
2017-10-1200:00:00
Thiago Sena
13
EPSS
0.001
Percentile
47.9%
Dreambox Plugin BouquetEditor - Cross-Site Scripting
# Exploit Title: Vulnerability XSS - Dreambox
# Shodan Dork: Dreambox 200
# Date: 12/10/2017
# Exploit Author: Thiago "THX" Sena
# Vendor Homepage: https://www.dreamboxupdate.com
# Version: 2.0.0
# Tested on: kali linux, windows 7, 8.1, 10
# CVE : CVE-2017-15287
Vulnerabilty: Cross-site scripting (XSS) in plugin BouquetEditor
---------------------------------------------------------------
PoC:
- First you go to ( http://IP:PORT/bouqueteditor/ )
- Then you go to the Bouquets tab, add a new bouquet
- Then put the script (<script>alert(1)</script>)
- Xss VulnerabilityRelated
cvelist
cvelist
CVE-2017-15287
2017-10-12 15:00:00
exploitdb
exploitdb
Dreambox Plugin BouquetEditor - Cross-Site Scripting
2017-10-12 00:00:00
cve
cve
CVE-2017-15287
2017-10-12 15:29:00
packetstorm
packetstorm
DreamBox BouquetEditor 2.0.0 Cross Site Scripting
2017-10-13 00:00:00
zdt
zdt
Dreambox Plugin BouquetEditor - Cross-Site Scripting Vulnerability
2017-10-13 00:00:00
nvd
nvd
CVE-2017-15287
2017-10-12 15:29:00
prion
prion
Cross site scripting
2017-10-12 15:29:00
nuclei
nuclei
Dreambox WebControl 2.0.0 - Cross-Site Scripting
2022-01-15 20:35:33