# Exploit Title: Logitech Media Server : HTML code injection and execution. # Shodan Dork: Search Logitech Media Server # Date: 11/03/2017 # Exploit Author: Dewank Pant # Vendor Homepage: www.logitech.com # Version: 7.9.0 # Tested on: Windows 10, Linux # CVE : Applied For. POC: 1. Access and go to the Radio URL tab and add a new URL. 2. Add script as the value of the field. 3. Payload : 4. Script saved and gives an image msg with a javascript execution on image click. 5. Therefore, Persistent XSS.