Lucene search
K

6 matches found

NVD
NVD
added 2026/03/16 2:17 p.m.11 views

CVE-2017-20219

Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to...

6.1CVSS0.00238EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.12 views

PT-2026-25738

Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...

8.7CVSS5.8AI score0.00395EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2026/03/15 6:34 p.m.11 views

CVE-2017-20220 Serviio PRO 1.8 Unauthenticated Password Change via REST API

Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication...

8.7CVSS5.8AI score0.00395EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/03/15 6:34 p.m.26 views

CVE-2017-20219 Serviio PRO 1.8 DOM-based Cross-Site Scripting via mediabrowser

Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to...

6.1CVSS0.00238EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/03/15 6:34 p.m.9 views

CVE-2017-20218 Serviio PRO 1.8 Local Privilege Escalation via Unquoted Path

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users...

8.5CVSS6.2AI score0.00141EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/03/15 6:34 p.m.3 views

CVE-2017-20217

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrie...

5.8AI score0.00661EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder