Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
firmware AXIS 2100 Network Camera 多个跨站脚本攻击漏洞
Vulnerability Description
firmware 2.43版本及其早期版本中的AXIS 2100 Network Camera 2.02存在多个跨站脚本攻击漏洞, 远程攻击者可以借助以下参数注入任意web脚本或HTML:(1)与一个目录相连的默认URL的PATH_INFO ,例如(a)根目录和(b)view/目录;(2)与保存设置相连的参数,如(c)Network页面的conf_Network_HostName参数和(d)ServerManager.srv的conf_Layout_OwnTitle参数;和(3)ServerManager
CVSS Information
N/A
Vulnerability Type
N/A