Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtThiago Sena1337DAY-ID-28784
HistoryOct 13, 2017 - 12:00 a.m.

Dreambox Plugin BouquetEditor - Cross-Site Scripting Vulnerability

2017-10-1300:00:00
Thiago Sena
0day.today
22

EPSS

0.001

Percentile

47.9%

JSON

Exploit for hardware platform in category web applications

# Exploit Title: Vulnerability XSS - Dreambox
# Shodan Dork: Dreambox 200 
# Date: 12/10/2017
# Exploit Author: Thiago "THX" Sena
# Vendor Homepage: https://www.dreamboxupdate.com
# Version: 2.0.0
# Tested on: kali linux, windows 7, 8.1, 10
# CVE : CVE-2017-15287
 
Vulnerabilty: Cross-site scripting (XSS) in plugin BouquetEditor
 
---------------------------------------------------------------
 
PoC: 
 
- First you go to ( http://IP:PORT/bouqueteditor/ )
 
- Then you go to the Bouquets tab, add a new bouquet
 
- Then put the script (<script>alert(1)</script>)
 
- Xss Vulnerability

#  0day.today [2018-01-03]  #

Related

cvelist 1
exploitdb 1
cve 1
prion 1
nuclei 1
packetstorm 1
nvd 1
exploitpack 1
cvelist
cvelist
CVE-2017-15287
2017-10-12 15:00:00
exploitdb
exploitdb
Dreambox Plugin BouquetEditor - Cross-Site Scripting
2017-10-12 00:00:00
cve
cve
CVE-2017-15287
2017-10-12 15:29:00
prion
prion
Cross site scripting
2017-10-12 15:29:00
nuclei
nuclei
Dreambox WebControl 2.0.0 - Cross-Site Scripting
2022-01-15 20:35:33
packetstorm
packetstorm
DreamBox BouquetEditor 2.0.0 Cross Site Scripting
2017-10-13 00:00:00
nvd
nvd
CVE-2017-15287
2017-10-12 15:29:00
exploitpack
exploitpack
Dreambox Plugin BouquetEditor - Cross-Site Scripting
2017-10-12 00:00:00

EPSS

0.001

Percentile

47.9%

JSON
Related for 1337DAY-ID-28784
cvelist1exploitdb1cve1prion1nuclei1packetstorm1nvd1exploitpack1