Описание
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 2.1.3 (включая)
cpe:2.3:a:ui:unifi_video:*:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01625
Низкий
6 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.
EPSS
Процентиль: 81%
0.01625
Низкий
6 Medium
CVSS2
Дефекты
CWE-264