PT-2017-14452 · Logitech · Logitech Media Server

Dewank Pant · Published 2017-11-09 · Updated 2025-02-04 · CVE-2017-16568

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Logitech Media Server version 7.9.0

Description: The issue allows remote attackers to inject arbitrary web script or HTML via a radio URL, leading to persistent (stored) cross-site scripting (XSS). An attacker-supplied JavaScript payload is stored on the server and executes in the browser of any user who plays the compromised radio stream. Exploitation can result in session hijacking, unauthorized access, persistent manipulation of web content, and phishing or malicious redirects to external domains. In both enterprise and home network environments, the vulnerability can also be used to manipulate media server behavior.

Recommendations: For Logitech Media Server version 7.9.0, consider disabling the "Radio" functionality as a temporary workaround until a patch is available. Restrict access to the radio URL setting to minimize the risk of exploitation, and avoid using the radio URL in the application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
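The root cause described above is a URL value that is stored and later rendered into HTML without validation or escaping. The following Python snippet is an added illustration of the two defensive layers a fix would need, input validation of the radio URL and context-aware escaping at render time; it is not Logitech Media Server code, and the function names, the allowed-scheme list and the sample inputs are assumptions constructed for this example.

```python
import html
from urllib.parse import urlsplit

# Hypothetical helper, not Logitech Media Server code: accept only what a
# radio stream URL legitimately needs before the value is stored.
ALLOWED_SCHEMES = {"http", "https"}
# Characters a stream URL never needs but which are required to break out of
# an HTML attribute or element when the stored value is rendered later.
FORBIDDEN_CHARS = set('<>"\'` \t\r\n')


def validate_radio_url(url: str) -> bool:
    """First layer: return True only for a plain http(s) URL with a host and
    no markup characters. Anything else is rejected before it is stored."""
    if not url or len(url) > 2048:
        return False
    if any(ch in FORBIDDEN_CHARS for ch in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def render_radio_entry(title: str, url: str) -> str:
    """Second layer: whatever was stored, escape it for the HTML context it is
    rendered into, so a stored value can never become live markup."""
    safe_title = html.escape(title, quote=True)
    safe_url = html.escape(url, quote=True)
    return f'<li><a href="{safe_url}">{safe_title}</a></li>'


# Constructed sample inputs for demonstration; none are real streams.
SAMPLES = [
    ("My station", "http://stream.example.invalid/live.mp3"),
    ("Bad scheme", "javascript:alert(1)"),
    ("Markup in URL", "http://example.invalid/stream?x=<b>"),
    ("Not a URL", "<script>alert(1)</script>"),
]


def triage(samples):
    """Run the validator over (title, url) pairs and report the decision."""
    return [(title, validate_radio_url(url)) for title, url in samples]


if __name__ == "__main__":
    for title, ok in triage(SAMPLES):
        print(f"{title}: {'accepted' if ok else 'rejected'}")
    # Defense in depth: a value that slipped past validation is still inert.
    print(render_radio_entry("Not a URL", "<script>alert(1)</script>"))
```

Validation alone is not sufficient because the stored value can reach the page through other paths (imports, older records, API clients), which is why the render step escapes unconditionally; escaping alone is also not sufficient, because a `javascript:` URL is harmless as text but still dangerous as an `href`, which the scheme allowlist handles.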

Exploit · XSS


Weakness Enumeration

Related Identifiers: CVE-2017-16568

Affected Products: Logitech Media Server