# Exploit Title: Logitech Media Server : HTML code injection and execution. # Shodan Dork: Search Logitech Media Server # Date: 11/03/2017 # Exploit Author: Dewank Pant # Vendor Homepage: www.logitech.com # Version: 7.9.0 # Tested on: Windows 10, Linux # CVE : Applied For. POC: 1. Access and go to the Radio URL tab and add a new URL. 2. Add script as the value of the field. 3. Payload : <script> alert(1)</script> 4. Script saved and gives an image msg with a javascript execution on image click. 5. Therefore, Persistent XSS.
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD
