Mobotix IP Camera M1 1.9.4.7/M10 2.0.5.2 - events.tar source_ip Parameter XSS
2006-05-17T00:00:00
ID: EDB-ID:27893 | Type: exploitdb | Reporter: Jaime Blasco | Modified: 2006-05-17T00:00:00
Description
Mobotix IP Camera M1 1.9.4.7/M10 2.0.5.2 events.tar source_ip Parameter XSS. CVE-2006-2490. Remote exploit for hardware platform.
source: http://www.securityfocus.com/bid/18022/info
The Mobotix IP camera is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the device to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/control/events.tar?source_ip=%3CBODY%20ONLOAD=alert('www.eazel.es')%3E&download=egal
Related records

CVE-2006-2490 (NVD; published 2006-05-19, modified 2018-10-18; CWE-79; CVSS v2 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2490
Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar.
Vendor Provided Solution Statement: According to the vendor, MOBOTIX "has resolved this problem as of 2006-06-27. MOBOTIX AG provides new software versions that include a security patch that prevents cross site scripting flaws. Customers are encouraged to upgrade to at least software version V2.2.3.18 (for camera models M10/D10) and V3.0.3.31 (for camera model M22) or higher (if available). The software is available for download from our website http://www.mobotix.com/services/software_downloads"
Affected CPEs: cpe:/a:mobotix:mobotix_ip_network_camera:m1_1.9.4.7, cpe:/a:mobotix:mobotix_ip_network_camera:m10_2.0.5.2, cpe:/a:mobotix:mobotix_ip_network_camera:d10, cpe:/a:mobotix:mobotix_ip_network_camera:m22

OSVDB:25621 - Mobotix IP Network Camera help Script XSS (published 2006-05-17; CVSS 4.3)
https://vulners.com/osvdb/OSVDB:25621
Vulnerability Description: Mobotix IP Network Camera contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied variables upon submission to the 'help' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Manual Testing Notes: http://[target]/help/help?%3CBODY%20ONLOAD=alert('hi')%3E

OSVDB:25623 - Mobotix IP Network Camera eventplayer get_image_info_abspath Variable XSS (published 2006-05-17; CVSS 4.3)
https://vulners.com/osvdb/OSVDB:25623
Vulnerability Description: Mobotix IP Network Camera contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'get_image_info_abspath' variable upon submission to the eventplayer script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Manual Testing Notes: http://[target]/control/eventplayer?get_image_info_abspath=%3CBODY%20ONLOAD=alert('hi')%3E

OSVDB:25622 - Mobotix IP Network Camera events.tar source_ip Variable XSS (published 2006-05-17; CVSS 4.3)
https://vulners.com/osvdb/OSVDB:25622
Vulnerability Description: Mobotix IP Network Camera contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'source_ip' variable upon submission to the events.tar script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Manual Testing Notes: http://[target]/control/events.tar?source_ip=%3CBODY%20ONLOAD=alert('hi')%3E&download=egal

Solution Description (all three OSVDB entries): Upgrade to version V2.2.3.18 (for camera models M10/D10) or V3.0.3.31 (for camera model M22) or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References (shared by the three OSVDB entries):
Vendor URL: http://www.mobotix.com/
Security Tracker: 1016128
Secunia Advisory ID: 20151 (https://secuniaresearch.flexerasoftware.com/advisories/20151/)
Other Advisory URL: http://www.eazel.es/media/advisory001.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0337.html
Mail List Post: http://attrition.org/pipermail/vim/2006-August/000980.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0422.html
ISS X-Force ID: 26538
FrSIRT Advisory: ADV-2006-1857
CVE: https://vulners.com/cve/CVE-2006-2490
Bugtraq ID: 18022

Related Exploit-DB entries (both dated 2006-05-17, same SecurityFocus source text as above, CVSS 4.3):
EDB-ID:27892 - Mobotix IP Camera M1 1.9.4.7/M10 2.0.5.2 - help Script XSS (https://www.exploit-db.com/exploits/27892/)
http://www.example.com/help/help?%3CBODY%20ONLOAD=alert('www.eazel.es')%3E
EDB-ID:27894 - Mobotix IP Camera M1 1.9.4.7/M10 2.0.5.2 - eventplayer get_image_info_abspath Parameter XSS (https://www.exploit-db.com/exploits/27894/)
http://www.example.com/control/eventplayer?get_image_info_abspath=%3CBODY%20ONLOAD=alert('www.eazel.es')%3E