FG-VD-19-040_Plex.Web.Client.0day
Description
This indicates an attack attempt against a Cross-Site Scripting (XSS) vulnerability in Plex Media Server.
A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation results in the execution of arbitrary script code in the browser.
Affected Products
Plex Media Server 3.83.1
Impact
System Compromise : Remote attackers can execute arbitrary script code within the context of the target user's browser
Recommended Actions
Refer to the vendor supplied advisory for updates:
https://www.plex.tv/media-server-downloads/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |