← Advisories

Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) DOM Based XSS

Medium

Advisory ID

ZSL-2017-5406

Release Date

03 May 2017

Vendor

Petr Nejedly, Six Lines Ltd - http://www.serviio.org

Affected Version

1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1

CVE

CVE-2017-20219

Tested On

Restlet-Framework/2.2, Windows 7, UPnP/1.0 DLNADOC/1.50, Serviio/1.8, Mac OS X, UPnP/1.0 DLNADOC/1.50, Serviio/1.8, Linux, UPnP/1.0 DLNADOC/1.50, Serviio/1.8

Summary

Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Bluray player, games console or mobile phone) on your connected home network.

Description

The application is vulnerable to a DOM-based cross-site scripting. Data is read from document.location and passed to document.write() via the following statement in the response: document.write(''); This can be exploited to execute arbitrary HTML and script code in a user's browser DOM in context of an affected site.

Proof of Concept

serviio_domxss.txtTXT

Disclosure Timeline

12.12.2016Vulnerability discovered.

02.05.2017Vendor communicated via Beyond Security's SecuriTeam Secure Disclosure program.

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]https://blogs.securiteam.com/index.php/archives/3094

[2]https://cxsecurity.com/issue/WLB-2017050020

[3]https://packetstormsecurity.com/files/142385

[4]https://exchange.xforce.ibmcloud.com/vulnerabilities/125647

[5]https://www.cve.org/CVERecord?id=CVE-2017-20219

Changelog

03.05.2017Initial release

05.05.2017Added reference [2] and [3]

30.05.2017Added reference [4]

24.03.2026Added reference [5]