CVE-2013-3962

Опубликовано: 01 окт. 2013

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:grandstream:gxv_device_firmware:*:*:*:*:*:*:*:*

Версия до 1.0.4.43 (включая)

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.2.3:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.3.9:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.6:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.7:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.11:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.16:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.27:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.34:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.37:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.38:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.39:*:*:*:*:*:*:*

cpe:2.3:o:grandstream:gxv_device_firmware:1.0.4.42:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:grandstream:gxv3500:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3501:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3504:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3601:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3601hd\/ll:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3611hd\/ll:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3615w\/p:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3615wp_hd:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3651fhd:-:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxv3662hd:-:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00225

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-h977-9ffg-frmq

github

больше 3 лет назад