Vulnerability CVE-2017-15287


Published: 2017-10-12

Description:
There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.

See advisories in our WLB2 database:
Topic
Author
Date
Low
DreamBox BouquetEditor 2.0.0 Cross Site Scripting
Thiago "THX...
13.10.2017

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://fireshellsecurity.team/assets/pdf/Vulnerability-XSS-Dreambox.pdf

Copyright 2017, cxsecurity.com

 

Back to Top