RSS   Vulnerabilities for 'UCRM'   RSS

2018-07-03
 
CVE-2017-0912

CWE-79
 

 
Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling".

 

 >>> Vendor: UI 20 Products
Aircam
Aircam dome
Aircam mini
Airvision firmware
Unifi
Unifi video
Unifi controller
Edgeos
Edgeswitch x
Aircam firmware
Unifi firmware
UCRM
Edgeswitch
Airvision controller
Mfi controller
Cloud key gen2
Cloud key gen2 plus
Unifi protect
Unifi talk
Unifi switch firmware


Copyright 2024, cxsecurity.com

 

Back to Top