packetstorm | Dewank Pant | PACKETSTORM:144906
History: Nov 07, 2017 - 12:00 a.m.

Logitech Media Server 7.9.0 Cross Site Scripting

packetstormsecurity.com

EPSS: 0.001 (Percentile: 44.5%)

`# Exploit Title: Logitech Media Server : Persistent Cross Site Scripting (XSS)  
# Shodan Dork: Search Logitech Media Server  
# Date: 11/03/2017  
# Exploit Author: Dewank Pant  
# Vendor Homepage: www.logitech.com  
# Software Link: [download link if available]  
# Version: 7.9.0  
# Tested on: Windows 10, Linux  
# CVE : Applied For.  
  
  
  
POC:  
  
Access the server, go to the favorites tab and add a new favorite.  
Enter a script as the value of the field.  
Payload : <script> alert(1)</script>  
The script is saved and gives a pop-up to the user every time they access that page.  
Therefore, persistent XSS.  
  
  
# Exploit Title: Logitech Media Server : HTML code injection and execution.  
# Shodan Dork: Search Logitech Media Server  
# Date: 11/03/2017  
# Exploit Author: Dewank Pant  
# Vendor Homepage: www.logitech.com  
# Version: 7.9.0  
# Tested on: Windows 10, Linux  
# CVE : Applied For.  
  
  
  
POC:  
  
1. Access the server, go to the Radio URL tab and add a new URL.  
2. Enter a script as the value of the field.  
3. Payload : <script> alert(1)</script>  
4. The script is saved and gives an image message, with JavaScript execution on image click.  
5. Therefore, persistent XSS.  
  
`
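
As an added defensive illustration (not part of the original advisory and not Logitech Media Server code), the sketch below places the unencoded rendering pattern behind both findings next to a version that validates the URL field and HTML-encodes stored values on output. All function names and the sample records are assumptions made for the example.

```javascript
// Added illustration; not Logitech Media Server source code.
// Favorite titles and radio URLs are user-controlled and stored, so they
// must be encoded for the HTML context every time they are rendered.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only absolute http(s) URLs for the stream field; anything else
// (markup, javascript:, data:, relative junk) is rejected.
function safeStreamUrl(value) {
  let parsed;
  try {
    parsed = new URL(String(value).trim());
  } catch {
    return null;
  }
  return parsed.protocol === 'http:' || parsed.protocol === 'https:' ? parsed.href : null;
}

// Vulnerable pattern: stored values concatenated into markup unchanged.
function renderFavoriteUnsafe(fav) {
  return `<li><a href="${fav.url}">${fav.title}</a></li>`;
}

// Hardened pattern: validate the URL, encode both values on output.
function renderFavoriteSafe(fav) {
  const url = safeStreamUrl(fav.url);
  const title = escapeHtml(fav.title);
  if (url === null) {
    return `<li>${title} (invalid URL)</li>`;
  }
  return `<li><a href="${escapeHtml(url)}">${title}</a></li>`;
}

// Constructed sample records, using the payload string from the advisory.
const samples = [
  { title: '<script> alert(1)</script>', url: 'http://radio.example/stream.mp3' },
  { title: 'Morning Jazz', url: '<script> alert(1)</script>' },
];
```

Encoding at render time covers values already stored before the fix; the URL check alone does not, so both controls are shown together.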
