2 matches found
CVE-2024-3850
Affected product: Uniview NVR301-04S2-P4. Vulnerability: reflected cross-site scripting (XSS) via the PATH of LAPI. Root cause: improper neutralization of input during web page generation (CWE-79), with XSS possible on pages under /LAPI/. Some sources note authentication is required; others indic...
Uniview NVR301-04S2-P4 (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION : Exploitable remotely/low attack complexity/public exploits available Vendor : Uniview Equipment : NVR301-04S2-P4 Vulnerability : Cross-site Scripting 2. RISK EVALUATION An attacker could send a user a URL that if clicked on could execute...