Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormThiago SenaPACKETSTORM:144604
HistoryOct 13, 2017 - 12:00 a.m.

DreamBox BouquetEditor 2.0.0 Cross Site Scripting

2017-10-1300:00:00
Thiago Sena
packetstormsecurity.com
28

EPSS

0.001

Percentile

47.9%

JSON
`# Exploit Title: Vulnerability XSS - Dreambox  
# Shodan Dork: Dreambox 200   
# Date: 12/10/2017  
# Exploit Author: Thiago "THX" Sena  
# Vendor Homepage: https://www.dreamboxupdate.com  
# Version: 2.0.0  
# Tested on: kali linux, windows 7, 8.1, 10  
# CVE : CVE-2017-15287  
  
Vulnerabilty: Cross-site scripting (XSS) in plugin BouquetEditor  
  
---------------------------------------------------------------  
  
PoC:   
  
- First you go to ( http://IP:PORT/bouqueteditor/ )  
  
- Then you go to the Bouquets tab, add a new bouquet  
  
- Then put the script (<script>alert(1)</script>)  
  
- Xss Vulnerability  
  
`

Related

cvelist 1
exploitdb 1
cve 1
prion 1
nuclei 1
zdt 1
nvd 1
exploitpack 1
cvelist
cvelist
CVE-2017-15287
2017-10-12 15:00:00
exploitdb
exploitdb
Dreambox Plugin BouquetEditor - Cross-Site Scripting
2017-10-12 00:00:00
cve
cve
CVE-2017-15287
2017-10-12 15:29:00
prion
prion
Cross site scripting
2017-10-12 15:29:00
nuclei
nuclei
Dreambox WebControl 2.0.0 - Cross-Site Scripting
2022-01-15 20:35:33
zdt
zdt
Dreambox Plugin BouquetEditor - Cross-Site Scripting Vulnerability
2017-10-13 00:00:00
nvd
nvd
CVE-2017-15287
2017-10-12 15:29:00
exploitpack
exploitpack
Dreambox Plugin BouquetEditor - Cross-Site Scripting
2017-10-12 00:00:00

EPSS

0.001

Percentile

47.9%

JSON
Related for PACKETSTORM:144604
cvelist1exploitdb1cve1prion1nuclei1zdt1nvd1exploitpack1