# Exploit Title: Logitech Media Server : Persistent Cross Site Scripting (XSS)
# Shodan Dork: Search Logitech Media Server
# Date: 11/03/2017
# Exploit Author: Dewank Pant
# Vendor Homepage: www.logitech.com
# Software Link: [download link if available]
# Version: 7.9.0
# Tested on: Windows 10, Linux
# CVE : Applied For.

POC:
Access and go to the favorites tab and add a new favorite.
Add script as the value of the field.
Payload :
Script saved and gives a pop-up to user every time they access that page.
Therefore, Persistent XSS.


# Exploit Title: Logitech Media Server : HTML code injection and execution.
# Shodan Dork: Search Logitech Media Server
# Date: 11/03/2017
# Exploit Author: Dewank Pant
# Vendor Homepage: www.logitech.com
# Version: 7.9.0
# Tested on: Windows 10, Linux
# CVE : Applied For.

POC:
1. Access and go to the Radio URL tab and add a new URL.
2. Add script as the value of the field.
3. Payload :
4. Script saved and gives an image msg with a javascript execution on image click.
5. Therefore, Persistent XSS.
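
The fix for both reports above is the same: validate the stored field on input and encode it for its HTML context on output. The sketch below is an added example, not part of the original advisory and not Logitech Media Server code. Assumptions: the function names, the http/https allowlist and the sample entries are constructed for illustration.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only remote streams are stored


def validate_stream_url(value: str) -> str:
    """Accept a stored URL only if it is a plain http(s) URL with a host."""
    value = value.strip()
    # Reject markup delimiters and control characters before parsing.
    if any(ch in "<>\"'`" for ch in value) or any(ord(ch) < 0x20 for ch in value):
        raise ValueError("markup or control characters in URL")
    parts = urlsplit(value)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        raise ValueError("unsupported scheme or missing host")
    return value


def render_favorite_row(title: str, url: str) -> str:
    """Render one stored entry; each stored value is encoded for its context."""
    safe_title = html.escape(title, quote=True)                    # element text
    safe_url = html.escape(validate_stream_url(url), quote=True)   # quoted attribute
    return f'<li><a href="{safe_url}">{safe_title}</a></li>'


def render_list(entries) -> str:
    """Render all stored entries; an invalid URL is dropped, never echoed."""
    rows = []
    for title, url in entries:
        try:
            rows.append(render_favorite_row(title, url))
        except ValueError:
            rows.append("<li>" + html.escape(title) + " (invalid URL hidden)</li>")
    return "<ul>" + "".join(rows) + "</ul>"


# Constructed sample of stored entries (hypothetical, not taken from the advisory).
STORED = [
    ("Jazz FM", "http://radio.example/stream.mp3"),
    ('<img src=x onclick="f()">', "http://radio.example/a"),  # markup in the title
    ("Morning show", "<script>f()</script>"),                 # markup in the URL field
]

if __name__ == "__main__":
    print(render_list(STORED))
```

Encoding at render time also neutralizes entries that were saved before any input validation existed, so both layers are worth keeping.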