exploitDog

CVE-2018-18005

Опубликовано: 03 янв. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter.

Ссылки

http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf
Vendor Advisory
https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244
Exploit
Third Party Advisory
http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-006-v1.pdf
Vendor Advisory
https://blog.securityevaluators.com/vivotek-ip-camera-vulnerabilities-discovered-and-exploited-2e2531ecd244
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:h:vivotek:camera:-:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00272

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-jq3w-x8jr-gmm3

CVSS3: 6.1

github

больше 3 лет назад

Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter.

EPSS

Процентиль: 50%

0.00272

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79