Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote malicious users to inject arbitrary web script or HTML via a "favorite."
# Exploit Title: Logitech Media Server : Persistent Cross Site Scripting(XSS)
# Shodan Dork: Search Logitech Media Server
# Date: 11/03/2017
# Exploit Author: Dewank Pant
# Vendor Homepage: wwwlogitechcom
# Software Link: [download link if available]
# Version: 790
# Tested on: Windows 10, Linux
# CVE : Applied For
POC:
Access and go to th ...
CVE-2017-16567
Exploit Title: Logitech Media Server : Persistent Cross Site Scripting(XSS)
Shodan Dork: Search Logitech Media Server
Date: 11/03/2017
Exploit Author: Dewank Pant
Vendor Homepage: wwwlogitechcom
Version: 790
Tested on: Windows 10, Linux
POC:
Access and go to the favorites tab and add a new favorite
Add script as the value of the field
Payload : <s