EUVD-2017-18932

Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to...

CVE-2017-20217

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrie...

Serviio PRO 访问控制错误漏洞

Serviio PRO is a multimedia streaming server software developed by the British company Serviio. Version 1.8 of Serviio PRO contains a vulnerability related to access control. This vulnerability stems from improper access control settings in the Configuration REST API, which may allow...

Serviio PRO 跨站脚本漏洞

Serviio PRO is a multimedia streaming server software developed by the British company Serviio. Version 1.8 of Serviio PRO contains a cross-site scripting vulnerability. This vulnerability stems from a DOM-based cross-site scripting vulnerability in the mediabrowser component, which may allow...

Serviio PRO 访问控制错误漏洞

Serviio PRO is a multimedia streaming server software developed by the British company Serviio. Version 1.8 of Serviio PRO contains a vulnerability related to access control. This vulnerability stems from improper access control in the Configuration REST API, which could allow unauthenticated...

CVE-2017-20220

CVE-2017-20220 affects Serviio PRO 1.8. The vulnerability is an improper access control in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password by sending crafted requests to REST endpoints. The available documents confirm the affected product...

CVE-2017-20219 Serviio PRO 1.8 DOM-based Cross-Site Scripting via mediabrowser

Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to...

CVE-2017-20219

Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to...

Serviio PRO DLNA Media Streaming Server - REST API Information Disclosure Vulnerability

Serviio PRO is a DLNA media server. An information disclosure vulnerability exists in Serviio PRO DLNA Media Streaming Server - REST API. The vulnerability is allowed to be exploited by attackers to gain access to potentially sensitive information via a specially crafted request...

Serviio PRO DLNA Media Streaming Server - REST API Arbitrary Password Change Vulnerability

Serviio PRO is a DLNA media server. An arbitrary password change vulnerability exists in the Serviio PRO DLNA Media Streaming Server - REST API. A remote attacker can exploit this to change the login password of a protected page via a specially crafted request...