PT-2017-14451 · Logitech · Logitech Media Server

Dewank Pant · Published 2017-11-09 · Updated 2025-02-04 · CVE-2017-16567

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Logitech Media Server version 7.9.0

Description: The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via a favorite. It can lead to session hijacking and credential theft, execution of unauthorized actions on behalf of users, and exfiltration of sensitive data. It presents a potential risk of widespread exploitation in connected IoT environments.

Recommendations: For Logitech Media Server version 7.9.0, consider disabling the Favorites feature until a patch is available, to prevent the injection and permanent storage of malicious JavaScript payloads. Restrict access to the affected functionality to minimize the risk of exploitation. Avoid using the Favorites feature in the affected version until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2017-16567

Affected Products: Logitech Media Server