30 matches found
CVE-2024-29192
CVE-2024-29192 affects gotortc (camera streaming app). The vulnerability arises from CSRF in the /api/config endpoint, which can modify existing configuration with user-supplied values and, via the exec handler, enable arbitrary command execution. The issue exists even though the API may be restr...
CVE-2024-29192 GHSL-2023-206 gotortc Cross-Site Request Forgery vulnerability
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The /api/config endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an...
CVE-2024-29191
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...
CVE-2024-29191 GHSL-2023-205 gotortc DOM-based Cross-site Scripting vulnerability
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...
CVE-2024-29191 GHSL-2023-205 gotortc DOM-based Cross-site Scripting vulnerability
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...
CVE-2024-29191
CVE-2024-29191 affects gotortc (camera streaming app); versions 1.8.5 and earlier are vulnerable to DOM-based XSS. The vulnerability arises when links.html appends the src GET parameter into links via innerHTML, causing text to be interpreted as HTML. A patch was committed (3b3d5b033aac3a019af64f...
CVE-2024-29191 GHSL-2023-205 gotortc DOM-based Cross-site Scripting vulnerability
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...
PT-2024-22796
Name of the Vulnerable Software and Affected Versions: gotortc versions 1.8.5 and prior Description: The issue concerns a camera streaming application. It allows modification of the existing configuration with user-supplied values through the /api/config endpoint. Although this API only allows...
PT-2024-22797
Name of the Vulnerable Software and Affected Versions: gotortc versions 1.8.5 and prior Description: gotortc is a camera streaming application. The index page index.html shows available streams by fetching the API on the client side, using Object.entries to iterate over the result, and appending...
PT-2024-22795 · Gotortc · Gotortc
Name of the Vulnerable Software and Affected Versions: gotortc versions 1.8.5 and prior Description: The issue is related to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being append...