3 matches found
CVE-2017-16568
Logitech Media Server 7.9.0 is affected by a stored XSS via the Radio URL/input in the Radio feature. The vulnerability allows remote attackers to inject JavaScript that is stored on the server and executed when users play the compromised radio stream, leading to potential session hijacking, unau...
CVE-2017-15687
CVE-2017-15687 is a DOM-based Cross-Site Scripting (XSS) vulnerability in Logitech Media Server. The issue affects multiple releases (7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, 7.9.1) and is exploitable via a crafted URI, as described across CVE records and OpenVAS entries. The root cause is DOM-b...
CVE-2017-16567
CVE-2017-16567 is a stored cross-site scripting vulnerability in Logitech Media Server 7.9.0 affecting the Favorites feature. The issue allows remote attackers to inject and permanently store malicious JavaScript that executes when users access the affected UI, enabling session hijacking, credent...