There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.
References
Link | Resource |
---|---|
https://fireshellsecurity.team/assets/pdf/Vulnerability-XSS-Dreambox.pdf | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/42986/ | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-10-12T15:00:00
Updated: 2017-10-14T09:57:01
Reserved: 2017-10-12T00:00:00
Link: CVE-2017-15287
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-10-12T15:29:00.373
Modified: 2017-10-27T18:45:59.497
Link: CVE-2017-15287
JSON object: View
Redhat Information
No data.
CWE