Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote malicious users to inject arbitrary web script or HTML via a radio URL.
# Exploit Title: Logitech Media Server : HTML code injection and execution
# Shodan Dork: Search Logitech Media Server
# Date: 11/03/2017
# Exploit Author: Dewank Pant
# Vendor Homepage: wwwlogitechcom
# Version: 790
# Tested on: Windows 10, Linux
# CVE : Applied For
POC:
1 Access and go to t ...
CVE-2017-16568
Exploit Title: Logitech Media Server : HTML code injection and execution
Shodan Dork: Search Logitech Media Server
Date: 11/03/2017
Exploit Author: Dewank Pant
Vendor Homepage: wwwlogitechcom
Version: 790
Tested on: Windows 10, Linux
POC:
Access and go to the Radio URL tab and add a new URL
Add script as the value of the field
Payload : <script&a