A cross-site scripting vulnerability exists in NUUO Network Video Recorder (NVR), a network video recorder from NUUO, Taiwan, China, which stems from a lack of effective filtering and escaping of user-submitted request parameters, which could be exploited by an attacker to steal a user’s session by injecting malicious JavaScript code. could be exploited to steal a user’s session by injecting malicious JavaScript code, resulting in session hijacking.