Vulners
Lucene search
Logitech Media Server 7.9.0 Cross Site Scripting
| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
 | Logitech Media Server 7.9.0 - favorites Cross-Site Scripting Vulnerability | 6 Nov 201700:00 | – | zdt |
| Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting Vulnerability | 6 Nov 201700:00 | – | zdt |
 | CVE-2017-16567 | 6 Feb 202502:41 | – | circl |
| CVE-2017-16568 | 6 Feb 202502:41 | – | circl |
 | Logitech Media Server Cross-Site Scripting Vulnerability (CNVD-2017-36360) | 10 Nov 201700:00 | – | cnvd |
| Logitech Media Server Cross-Site Scripting Vulnerability (CNVD-2017-36361) | 10 Nov 201700:00 | – | cnvd |
 | CVE-2017-16567 | 9 Nov 201719:00 | – | cve |
| CVE-2017-16568 | 9 Nov 201719:00 | – | cve |
 | CVE-2017-16567 | 9 Nov 201719:00 | – | cvelist |
| CVE-2017-16568 | 9 Nov 201719:00 | – | cvelist |
10
`# Exploit Title: Logitech Media Server : Persistent Cross Site Scripting(XSS)
# Shodan Dork: Search Logitech Media Server
# Date: 11/03/2017
# Exploit Author: Dewank Pant
# Vendor Homepage: www.logitech.com
# Software Link: [download link if available]
# Version: 7.9.0
# Tested on: Windows 10, Linux
# CVE : Applied For.
POC:
Access and go to the favorites tab and add a new favorite.
Add script as the value of the field.
Payload : <script> alert(1)</script>
Script saved and gives a pop-up to user every time they access that page.
Therefore, Persistent XSS.
# Exploit Title: Logitech Media Server : HTML code injection and execution.
# Shodan Dork: Search Logitech Media Server
# Date: 11/03/2017
# Exploit Author: Dewank Pant
# Vendor Homepage: www.logitech.com
# Version: 7.9.0
# Tested on: Windows 10, Linux
# CVE : Applied For.
POC:
1. Access and go to the Radio URL tab and add a new URL.
2. Add script as the value of the field.
3. Payload : <script> alert(1)</script>
4. Script saved and gives an image msg with a javascript execution on image click.
5. Therefore, Persistent XSS.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
07 Nov 2017 00:00Current
5.9Medium risk
Vulners AI Score5.9
EPSS0.00304