← voltar
CVE-2017-20219

Serviio PRO 1.8 DOM-based Cross-Site Scripting via mediabrowser

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to document.write() in the mediabrowser component to execute code in a user's browser context.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Produtos afetados
Serviio · Serviio PRO

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://blogs.securiteam.com/index.php/archives/3094https://cxsecurity.com/issue/WLB-2017050020https://exchange.xforce.ibmcloud.com/vulnerabilities/125647https://packetstormsecurity.com/files/142385https://www.vulncheck.com/advisories/serviio-pro-dom-based-cross-site-scripting-via-mediabrowserhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5406.php