header-logo
Suggest Exploit
vendor:
Logitech Media Server
by:
Dewank Pant
7,5
CVSS
HIGH
Persistent XSS
79
CWE
Product Name: Logitech Media Server
Affected Version From: 7.9.0
Affected Version To: 7.9.0
Patch Exists: NO
Related CWE: Applied For.
CPE: a:logitech:logitech_media_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 10, Linux
2017

Logitech Media Server : Persistent Cross Site Scripting(XSS)

Access and go to the favorites tab and add a new favorite. Add script as the value of the field. Payload : <script> alert(1)</script> Script saved and gives a pop-up to user every time they access that page. Therefore, Persistent XSS.

Mitigation:

Input validation and sanitization should be done to prevent XSS attacks.
Source

Exploit-DB raw data:

# Exploit Title: Logitech Media Server : Persistent Cross Site Scripting(XSS)
# Shodan Dork: Search Logitech Media Server
# Date: 11/03/2017
# Exploit Author: Dewank Pant
# Vendor Homepage: www.logitech.com
# Software Link: [download link if available]
# Version: 7.9.0
# Tested on: Windows 10, Linux
# CVE : Applied For.



POC:

Access and go to the favorites tab and add a new favorite.
Add script as the value of the field.
Payload : <script> alert(1)</script>
Script saved and gives a pop-up to user every time they access that page.
Therefore, Persistent XSS.

Navigation

Suggest Exploit

Services By CQR