CVE-2017-20219

Sažetak

Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to document.write() in the mediabrowser component to execute code in a user's browser context.

Reference

https://blogs.securiteam.com/index.php/archives/3094
https://cxsecurity.com/issue/WLB-2017050020
https://exchange.xforce.ibmcloud.com/vulnerabilities/125647
https://packetstormsecurity.com/files/142385
https://www.vulncheck.com/advisories/serviio-pro-dom-based-cross-site-scripting-via-mediabrowser
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5406.php

CVSS

Base:	6.1
Impact:	2.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

16-03-2026 - 14:53

Objavljeno

16-03-2026 - 14:17