CVE-2017-16567 – Logitech Media Server 7.9.0 - 'favorites' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-16567
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite." Una vulnerabilidad Cross-Site Scripting (XSS) en Logitech Media Server 7.9.0 permite que atacantes remotos inyecten scripts web o HTML arbitrarios a través de "favorite". Logitech Media Server version 7.9.0 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/43122 https://github.com/dewankpant/CVE-2017-16567 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-16568 – Logitech Media Server 7.9.0 - 'Radio URL' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-16568
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL. Una vulnerabilidad Cross-Site Scripting (XSS) en Logitech Media Server 7.9.0 permite que atacantes remotos inyecten scripts web o HTML arbitrarios a través de una URL radio. Logitech Media Server version 7.9.0 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/43123 https://github.com/dewankpant/CVE-2017-16568 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-15687 – Logitech Media Server - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-15687
DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI. Existe Cross-Site Scripting (XSS) basado en DOM en Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0 y 7.9.1 mediante una URI manipulada. • https://www.exploit-db.com/exploits/43024 https://fireshellsecurity.team/assets/pdf/DOM-Based-Cross-Site-Scripting-_XSS_-Logitech-Media-Server.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •