Lucene search
+L

30 matches found

CVE
CVE
added 2024/04/04 6:8 p.m.84 views

CVE-2024-29192

CVE-2024-29192 affects gotortc (camera streaming app). The vulnerability arises from CSRF in the /api/config endpoint, which can modify existing configuration with user-supplied values and, via the exec handler, enable arbitrary command execution. The issue exists even though the API may be restr...

8.8CVSS9AI score0.00471EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/04/04 6:8 p.m.33 views

CVE-2024-29192 GHSL-2023-206 gotortc Cross-Site Request Forgery vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The /api/config endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an...

8.8CVSS8.6AI score0.00471EPSS
Exploits1References4
NVD
NVD
added 2024/04/04 3:15 p.m.37 views

CVE-2024-29191

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...

6.1CVSS6AI score0.00447EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/04 2:52 p.m.46 views

CVE-2024-29191 GHSL-2023-205 gotortc DOM-based Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...

6.1CVSS6.2AI score0.00447EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/04 2:52 p.m.15 views

CVE-2024-29191 GHSL-2023-205 gotortc DOM-based Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...

6.1CVSS6AI score0.00447EPSS
Exploits1References2
CVE
CVE
added 2024/04/04 2:52 p.m.76 views

CVE-2024-29191

CVE-2024-29191 affects gotortc (camera streaming app); versions 1.8.5 and earlier are vulnerable to DOM-based XSS. The vulnerability arises when links.html appends the src GET parameter into links via innerHTML, causing text to be interpreted as HTML. A patch was committed (3b3d5b033aac3a019af64f...

6.1CVSS5.9AI score0.00447EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/04/04 2:52 p.m.27 views

CVE-2024-29191 GHSL-2023-205 gotortc DOM-based Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being appended is innerHTML 1, which will insert th...

6.1CVSS5.8AI score0.00447EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.15 views

PT-2024-22796

Name of the Vulnerable Software and Affected Versions: gotortc versions 1.8.5 and prior Description: The issue concerns a camera streaming application. It allows modification of the existing configuration with user-supplied values through the /api/config endpoint. Although this API only allows...

8.8CVSS8.7AI score0.00471EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.8 views

PT-2024-22797

Name of the Vulnerable Software and Affected Versions: gotortc versions 1.8.5 and prior Description: gotortc is a camera streaming application. The index page index.html shows available streams by fetching the API on the client side, using Object.entries to iterate over the result, and appending...

6.1CVSS5.2AI score0.00453EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.5 views

PT-2024-22795 · Gotortc · Gotortc

Name of the Vulnerable Software and Affected Versions: gotortc versions 1.8.5 and prior Description: The issue is related to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being append...

6.1CVSS6.8AI score0.00447EPSS
Exploits1References10
Rows per page
Query Builder