Описание
An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:bosch:cpp4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp4:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:bosch:cpp6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp6:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:bosch:cpp7_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp7:-:*:*:*:*:*:*:*
Конфигурация 4
Одновременно
cpe:2.3:o:bosch:cpp7.3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp7.3:-:*:*:*:*:*:*:*
Конфигурация 5
Одновременно
cpe:2.3:o:bosch:cpp13_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp13:-:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00393
Низкий
8.3 High
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
github
больше 3 лет назад
An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user.
EPSS
Процентиль: 60%
0.00393
Низкий
8.3 High
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79