Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DreamBox BouquetEditor 2.0.0 Cross Site Scripting

Related Vulnerabilities: CVE-2017-15287  
Publish Date: 13 Oct 2017
Author: Thiago Sena
Source 
                							

                # Exploit Title: Vulnerability XSS - Dreambox
# Shodan Dork: Dreambox 200 
# Date: 12/10/2017
# Exploit Author: Thiago "THX" Sena
# Vendor Homepage: https://www.dreamboxupdate.com
# Version: 2.0.0
# Tested on: kali linux, windows 7, 8.1, 10
# CVE : CVE-2017-15287
 
Vulnerabilty: Cross-site scripting (XSS) in plugin BouquetEditor
 
---------------------------------------------------------------
 
PoC: 
 
- First you go to ( http://IP:PORT/bouqueteditor/ )
 
- Then you go to the Bouquets tab, add a new bouquet
 
- Then put the script (<script>alert(1)</script>)
 
- Xss Vulnerability

<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started