header-logo
Suggest Exploit
vendor:
Logitech Media Server
by:
Dewank Pant
7,5
CVSS
HIGH
Persistent XSS
79
CWE
Product Name: Logitech Media Server
Affected Version From: 7.9.0
Affected Version To: 7.9.0
Patch Exists: NO
Related CWE: Applied For.
CPE: a:logitech:logitech_media_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 10, Linux
2017

Logitech Media Server : HTML code injection and execution.

Access and go to the Radio URL tab and add a new URL. Add script as the value of the field. Payload : <script> alert(1)</script> Script saved and gives an image msg with a javascript execution on image click.

Mitigation:

Input validation and output encoding should be used to prevent XSS attacks.
Source

Exploit-DB raw data:

# Exploit Title: Logitech Media Server : HTML code injection and execution.
# Shodan Dork: Search Logitech Media Server
# Date: 11/03/2017
# Exploit Author: Dewank Pant
# Vendor Homepage: www.logitech.com
# Version: 7.9.0
# Tested on: Windows 10, Linux
# CVE : Applied For.
 
 
 
POC:
 
1. Access and go to the Radio URL tab and add a new URL.
2. Add script as the value of the field.
3. Payload : <script> alert(1)</script>
4. Script saved and gives an image msg with a javascript execution on image click.
5. Therefore, Persistent XSS.

Navigation

Suggest Exploit

Services By CQR