SERVER-WEBAPP Kodi playlist creation persistent cross site scripting attempt
This event is generated when an attacker attempts to exploit a cross site scripting vulnerability in the Kodi webapp.
Attempted User Privilege Gain
CVSS base score 6.1
CVSS impact score 2.7
CVSS exploitability score 2.8
Confidentiality Impact LOW
Integrity Impact LOW
Availability Impact NONE
Rule checks for attempts to exploit a cross site scripting vulnerability in the Kodi webapp.
CVE-2018-8831: A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.
Ease of attack
- Cisco's Talos Intelligence Group