Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) XSS

Type packetstorm
Reporter LiquidWorm
Modified 2017-05-03T00:00:00


Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) DOM Based XSS  
Vendor: Petr Nejedly | Six Lines Ltd  
Product web page:  
Affected version: PRO, 1.7.1, 1.7.0, 1.6.1  
Summary: Serviio is a free media server. It allows you to stream your media  
files (music, video or images) to renderer devices (e.g. a TV set, Bluray player,  
games console or mobile phone) on your connected home network.  
Desc: The application is vulnerable to DOM-based cross-site scripting. Data is  
read from document.location and passed to document.write() via the following statement  
in the response: document.write('<base href="' + document.location + '" />');  
Because the URL is concatenated into the attribute without encoding, this can be exploited  
to execute arbitrary HTML and script code in the user's browser DOM in the context of the  
affected site.  
Tested on: Restlet-Framework/2.2  
Windows 7, UPnP/1.0 DLNADOC/1.50, Serviio/1.8  
Mac OS X, UPnP/1.0 DLNADOC/1.50, Serviio/1.8  
Linux, UPnP/1.0 DLNADOC/1.50, Serviio/1.8  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
Advisory ID: ZSL-2017-5406  
Advisory URL:  
SSD Advisory:  
Element response:  
<base href="">
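The quoted document.write() pattern beside a hardened builder, as an added example that is not part of the advisory or of Serviio; the functions, the attribute-check helper and the sample URL are constructed for illustration and modelled as plain strings so they run without a DOM.

```javascript
// Minimal HTML encoder for values placed inside a double-quoted attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Vulnerable form from the advisory, with document.location replaced by a
// plain string so the resulting markup can be inspected.
function vulnerableBaseTag(location) {
  return '<base href="' + location + '" />';
}

// Hardened form: the same tag, but the value is encoded for attribute context
// so a quote or angle bracket in the URL cannot close the attribute early.
function hardenedBaseTag(location) {
  return '<base href="' + escapeAttr(location) + '" />';
}

// Check used below: the markup must still be exactly one <base> element whose
// href contains no raw quote or angle bracket.
function attributeStaysClosed(markup) {
  const m = markup.match(/^<base href="([^"]*)" \/>$/);
  return m !== null && !/[<>"]/.test(m[1]);
}

// Preferred fix in a real page: build no markup at all. Assigning the href
// property never parses HTML, so document.location cannot alter the document.
// (Needs a DOM; not exercised by the string checks.)
function insertBaseViaDom(doc) {
  const base = doc.createElement('base');
  base.href = doc.location.href;
  doc.head.appendChild(base);
  return base;
}

// Constructed sample URL carrying the two characters that matter here.
const sample = 'http://192.0.2.10:23424/mediabrowser/?q="<x>';
console.log(attributeStaysClosed(vulnerableBaseTag(sample))); // false
console.log(attributeStaysClosed(hardenedBaseTag(sample)));   // true
```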