Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to inject arbitrary web script or HTML via the (1) SYSCONTACT parameter to form/identityApply, as triggered using en/identity.asp; (2) PASSWD parameter to form/accAdd, as triggered using en/account/accedit.asp; (3) NTPSERVER parameter to form/clockApply, as triggered using en/clock.asp; (4) SERVER parameter to form/smtpclientApply, as triggered using en/smtpclient.asp; (5) SERVER parameter to form/ftpApply, as triggered using en/ftp.asp; or (6) SERVER parameter to form/httpEventApply, as triggered using en/httpevent.asp.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款Y-Cam产品跨站脚本漏洞
Vulnerability Description
Y-Cam camera models SD range YCB003等都是英国Y-Cam公司的网络摄像机产品。 多款Y-Cam产品中存在跨站脚本漏洞,该漏洞源于en/identity.asp文件没有充分过滤‘SYSCONTACT’参数;en/account/accedit.asp文件没有充分过滤‘PASSWD’参数;en/clock.asp文件没有充分过滤‘NTPSERVER’参数;en/smtpclient.asp文件没有充分过滤‘SERVER’参数;en/ftp.asp文件没有充分过滤‘SERVER
CVSS Information
N/A
Vulnerability Type
N/A