Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) DOM Based XSS
Advisory ID: ZSL-2017-5406
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 03.05.2017
Summary
Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Bluray player, games console or mobile phone) on your connected home network.
Description
The application is vulnerable to DOM-based cross-site scripting. Data is read from document.location and passed to document.write() via the following statement in the response: document.write('...'); This can be exploited to execute arbitrary HTML and script code in a user's browser DOM in the context of an affected site.
Vendor
Petr Nejedly | Six Lines Ltd - http://www.serviio.org
Affected Version
1.8.0.0 PRO
1.7.1
1.7.0
1.6.1
Tested On
Restlet-Framework/2.2
Windows 7, UPnP/1.0 DLNADOC/1.50, Serviio/1.8
Mac OS X, UPnP/1.0 DLNADOC/1.50, Serviio/1.8
Linux, UPnP/1.0 DLNADOC/1.50, Serviio/1.8
Vendor Status
[12.12.2016] Vulnerability discovered.
[02.05.2017] Vendor communicated via Beyond Security's SecuriTeam Secure Disclosure program.
PoC
serviio_domxss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://blogs.securiteam.com/index.php/archives/3094
[2] https://cxsecurity.com/issue/WLB-2017050020
[3] https://packetstormsecurity.com/files/142385
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/125647
Changelog
[03.05.2017] - Initial release
[05.05.2017] - Added reference [2] and [3]
[30.05.2017] - Added reference [4]
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
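
The source-to-sink flow named in the Description (document.location into document.write()), shown as an added example beside an encoded form. This is not Serviio's code or the advisory's PoC: the markup, function names and sample URLs are constructed, and a small stand-in replaces the browser's document object so it runs under Node.js.

```javascript
// Added illustration, not Serviio's code: the markup, function names and
// sample URLs below are assumptions constructed for this example.

// Stand-in for the browser's document so the example runs under Node.js.
function makeDocument(href) {
  const out = [];
  return { location: { href }, write: (s) => out.push(s), output: () => out.join('') };
}

// Vulnerable pattern from the Description: location data reaches
// document.write() without encoding, so it is parsed as markup.
function renderUnsafe(document) {
  document.write('<a href="' + document.location.href + '">Link to this page</a>');
}

// Encode characters that can end an attribute value or start a tag.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened form: the same statement with the source encoded for the
// HTML context it lands in. In a browser, building the node with
// createElement() and setAttribute() avoids the string sink entirely.
function renderSafe(document) {
  document.write('<a href="' + escapeHtml(document.location.href) + '">Link to this page</a>');
}

// Names of elements the written markup would open, in order.
function openedTags(html) {
  return Array.from(html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g), (m) => m[1].toLowerCase());
}

// Constructed inputs: a benign URL, and one whose fragment carries a quote
// and a harmless <b> marker element standing in for injected markup.
const BENIGN = 'http://media.example/mediabrowser/#/folder/1';
const MARKED = 'http://media.example/mediabrowser/#"><b id="marker">x</b>';

function tagsFor(render, href) {
  const doc = makeDocument(href);
  render(doc);
  return openedTags(doc.output());
}

console.log(tagsFor(renderUnsafe, MARKED)); // [ 'a', 'b' ]
console.log(tagsFor(renderSafe, MARKED));   // [ 'a' ]
```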