Описание
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi.
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Vendor Advisory
- Exploit
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:h:cisco:wvc54gca:1.00r22:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wvc54gca:1.00r24:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.13846
Средний
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
почти 4 года назад
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi.
EPSS
Процентиль: 94%
0.13846
Средний
4.3 Medium
CVSS2
Дефекты
CWE-79