virus logo Intrusion Prevention

FG-VD-19-040_Plex.Web.Client.0day

description-logoDescription

This indicates an attack attempt against a Cross-Site Scripting (XSS) vulnerability in Plex Media Server.
A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation results in the execution of arbitrary script code in the browser.

affected-products-logoAffected Products

Plex Media Server 3.83.1

Impact logoImpact

System Compromise : Remote attackers can execute arbitrary script code within the context of the target user's browser

recomended-action-logoRecommended Actions

Refer to the vendor supplied advisory for updates:
https://www.plex.tv/media-server-downloads/

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-05-12 15.842 Default_action:pass:drop
2019-10-23 14.709 Default_action:drop:pass
2019-10-22 14.708
ID 47702
Created Oct 22, 2019
Updated May 11, 2020
Risk black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS All
Affected App PHP_app