Lucene search

K
nvd[email protected]NVD:CVE-2024-3850
HistoryJun 10, 2024 - 5:16 p.m.

CVE-2024-3850

2024-06-1017:16:33
CWE-79
web.nvd.nist.gov
6
uniview nvr301-04s2-p4
cross-site scripting
authentication
browser
javascript

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

14.1%

Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are obtained.

Affected configurations

NVD
Node
univiewnvr301-04s2-p4_firmwareRange<nvr-b3801.20.17.240507
AND
univiewnvr301-04s2-p4Match-

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

14.1%

Related for NVD:CVE-2024-3850