CVE-2017-16568

MEDIUM

Logitech Media Server 7.9.0 - Stored Cross-Site Scripting in Radio Functionality

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-16568. PoCs published by Dewank Pant, dewankpant.

AI-analyzed exploit summary This is a writeup describing a persistent XSS vulnerability in Logitech Media Server 7.9.0. The exploit involves injecting a JavaScript payload into the Radio URL field, which executes when the image is clicked.

Description

Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, which become permanently stored on the server and execute when a user plays the compromised radio stream. Exploitation of this vulnerability can lead to Session hijacking and unauthorized access, Persistent manipulation of web content within the application, and Phishing or malicious redirects to external domains. This vulnerability can be exploited to manipulate media server behavior in enterprise and home network environments.

Exploits (2)

exploitdb WRITEUP
by Dewank Pant · textwebappsmultiple
https://www.exploit-db.com/exploits/43123

This is a writeup describing a persistent XSS vulnerability in Logitech Media Server 7.9.0. The exploit involves injecting a JavaScript payload into the Radio URL field, which executes when the image is clicked.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Logitech Media Server 7.9.0
Auth required
Prerequisites: Access to the Radio URL tab in Logitech Media Server
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP 1 stars
by dewankpant · poc
https://github.com/dewankpant/CVE-2017-16568

This repository contains a writeup describing a persistent XSS vulnerability in Logitech Media Server 7.9.0. The PoC involves injecting a JavaScript payload via the Radio URL tab, which executes upon clicking an image.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Logitech Media Server 7.9.0
Auth required
Prerequisites: Access to the Logitech Media Server interface · Ability to add a new Radio URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/43123/

Scores

CVSS v3 5.4
EPSS 0.0198
EPSS Percentile 78.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
logitech/media_server 7.9.0
Published Nov 10, 2017
Tracked Since Feb 18, 2026