CVE-2017-20219 MEDIUM

CVE-2017-20219: Serviio PRO 1.8 DOM-based Cross-Site Scripting via mediabrowser

Vendor Serviio
Product Serviio PRO
Weakness CWE-79 · XSS
Published March 15, 2026
Last update May 24, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location and passed to document.write() in the mediabrowser component to execute code in a user's browser context.

Key dates

02Disclosure timeline

March 15, 2026 CVE published
May 24, 2026 Record updated