CVE-2017-20219
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
6.1 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Description
Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to document.write() in the mediabrowser component to execute code in a user's browser context.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-79
Source
NVD
Vendor
Serviio
Product
Serviio PRO
External References
- https://blogs.securiteam.com/index.php/archives/3094
- https://cxsecurity.com/issue/WLB-2017050020
- https://exchange.xforce.ibmcloud.com/vulnerabilities/125647
- https://packetstormsecurity.com/files/142385
- https://www.vulncheck.com/advisories/serviio-pro-dom-based-cross-site-scripting-via-mediabrowser
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5406.php
Discussion (0)
Add Comment
No comments yet. Be the first!