Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Universal Media Server v13.2.1 - Cross Site Scripting

By kannthu

Vidoc logoVidoc Module

What is "Universal Media Server v13.2.1 - Cross Site Scripting?"

The "Universal Media Server v13.2.1 - Cross Site Scripting" module is designed to detect a reflected cross-site scripting (XSS) vulnerability in Universal Media Server v13.2.1 CMS v2.0. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized access or data theft. The severity of this vulnerability is classified as medium.

This module was authored by r3Y3r53.


If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code within the context of the affected web application. This can lead to various consequences, including the theft of sensitive information, session hijacking, or the spread of malware to other users.

How the module works?

The module sends an HTTP GET request to the Universal Media Server v13.2.1 CMS v2.0 with a specific payload. It then checks the response for specific conditions to determine if the vulnerability is present.

Example HTTP request:

GET /%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1
Host: [target_host]

The module uses the following matching conditions:

- The response body must contain the following words: "<script>alert(document.domain)</script>" and "404 - File Not Found". - The response header must contain the word "text/html". - The HTTP status code must be 200.

If all the matching conditions are met, the module reports the vulnerability.


- Universal Media Server 13.2.1 Cross-Site Scripting


Fixed in version 13.2

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: <script>alert(document.domain)</script>,...and
word: text/htmland
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability