6 matches found
AXIS Communications - Cross-Site Scripting / Content Injection(CVE-2015-8258)
Technical Details The variable "imagePath=" that is prone to XSS in a large range of products also can be used to resource injection intents. If inserted a URL in this variable will be made an GET request to this URL, so this an interesting point to request malicious codes from the attacker...
CVE-2015-8258
CVE-2015-8258 affects AXIS Communications devices with firmware up to 5.80.x. The issue is a resource injection via the imagePath parameter in view.shtml, enabling XSS/Open Script Editor abuse to potentially cause a URL-based request to attacker-controlled content. The vulnerability arises from h...
AXIS Communications XSS / Content Inclusion Vulnerabilities
Exploit for hardware platform in category web applications Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Improper Input Validation CWE-20 - CVE Name: CVE-2015-8258 -...
AXIS Communications XSS / Content Inclusion
0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Improper Input Validation CWE-20 - CVE Name:...
AXIS Communications - Cross-Site Scripting Content Injection
AXIS Communications - Cross-Site Scripting Content Injection 0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs -...
AXIS Communications - Cross-Site Scripting / Content Injection
0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Improper Input Validation CWE-20 - CVE Name:...