CVE-2017-20219
Serviio PRO 1.8 DOM-based Cross-Site Scripting via mediabrowser
Description
Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to document.write() in the mediabrowser component to execute code in a user's browser context.
INFO
Published Date :
March 15, 2026, 6:34 p.m.
Last Modified :
March 15, 2026, 6:34 p.m.
Remotely Exploit :
Yes !
Source :
VulnCheck
Affected Products
The following products are affected by CVE-2017-20219
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | MEDIUM | 83251b91-4cc7-4094-a5c7-464a1b83ea10 | ||||
| CVSS 4.0 | MEDIUM | 83251b91-4cc7-4094-a5c7-464a1b83ea10 |
Solution
- Update Serviio PRO to the latest version.
- Avoid clicking suspicious links.
- Validate user input on the client-side.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2017-20219 vulnerability anywhere in the article.