Emby MediaServer version 3.2.5 suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the URL path filename when handling 'not found' errors. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
de3ade950678067a800aa9e801f9765d
Emby MediaServer 3.2.5 Reflected XSS Vulnerability
Vendor: Emby LLC
Product web page: https://www.emby.media
Affected version: 3.2.5
3.1.5
3.1.2
3.1.1
3.1.0
3.0.0
Summary: Emby (formerly Media Browser) is a media server designed to organize,
play, and stream audio and video to a variety of devices. Emby is open-source,
and uses a client-server model. Two comparable media servers are Plex and Windows
Media Center.
Desc: Emby suffers from a XSS issue due to a failure to properly sanitize user-supplied
input to the URL path filename when handling 'not found' errors. Attackers can exploit
this weakness to execute arbitrary HTML and script code in a user's browser session.
Tested on: Microsoft Windows 7 Professional SP1 (EN)
Mono-HTTPAPI/1.1, UPnP/1.0 DLNADOC/1.50
Ubuntu Linux 14.04.5
MacOS Sierra 10.12.3
SQLite3
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2017-5402
Advisory URL: http://zeroscience.mk/en/vulnerabilities/ZSL-2017-5402.php
SSD Advisory: https://blogs.securiteam.com/index.php/archives/3098
22.12.2016
--
PoC:
http://TARGET/web/"><script>alert(251)</script>