CVE-2017-16567

MEDIUM

Logitech Media Server 7.9.0 - Stored Cross-Site Scripting in Favorites Feature


Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-16567. PoCs published by Dewank Pant, dewankpant.

AI-analyzed exploit summary: This exploit demonstrates a persistent XSS vulnerability in Logitech Media Server 7.9.0 by injecting a script payload into the 'favorites' tab, which executes every time the page is accessed.

Description

A persistent cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 affects the "Favorites" feature. It allows remote attackers to inject and permanently store malicious JavaScript payloads, which are executed when users access the affected functionality. Exploitation can lead to session hijacking and credential theft, execution of unauthorized actions on behalf of users, and exfiltration of sensitive data. This vulnerability presents a potential risk for widespread exploitation in connected IoT environments.

Exploits (2)

exploitdb WORKING POC
by Dewank Pant · text · webapps · multiple
https://www.exploit-db.com/exploits/43122

This exploit demonstrates a persistent XSS vulnerability in Logitech Media Server 7.9.0 by injecting a script payload into the 'favorites' tab, which executes every time the page is accessed.

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Logitech Media Server 7.9.0
Auth required
Prerequisites: Access to the Logitech Media Server interface · Ability to add a new favorite
devstral-2 · analyzed Feb 16, 2026

nomisec WRITEUP 1 stars
by dewankpant · poc
https://github.com/dewankpant/CVE-2017-16567

This repository contains a writeup describing a persistent XSS vulnerability in Logitech Media Server 7.9.0. The exploit involves adding a malicious script to the favorites tab, which executes when accessed.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Logitech Media Server 7.9.0
Auth required
Prerequisites: Access to the Logitech Media Server interface · Ability to add a favorite
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/43122/

Scores

CVSS v3: 5.4
EPSS: 0.0224
EPSS Percentile: 80.6%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): logitech/media_server 7.9.0
Published: Nov 10, 2017
Tracked Since: Feb 18, 2026