N/A

Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

N/A

N/A

Grandstream 多个IP摄像头跨站脚本漏洞

Grandstream GXV3501等都是美国潮流网络(Grandstream)公司的网络摄像机产品。 Grandstream网络摄像机1.0.4.43及之前的版本中存在跨站脚本漏洞。远程攻击者可借助PATH_INFO参数利用该漏洞注入任意Web脚本或HTML。以下型号受到影响：GXV3501，GXV3504，GXV3601，GXV3601HD/LL，GXV3611HD/LL，GXV3615W/P，GXV3651FHD，GXV3662HD，GXV3615WP_HD, GXV3500。

N/A

N/A