13 matches found
Uniview NVR301-04S2-P4 - Cross-Site Scripting
Uniview NVR301-04S2-P4 contains a reflected cross-site scripting vulnerability via the PATH of LAPI. CISA and Uniview state that this vulnerability needs to be authenticated. This is incorrect. Any PATH payload can cause XSS. A submission to Mitre has been sent to update the verbiage in the findi...
EUVD-2024-32418
Malicious code in bioql PyPI...
Information leakage vulnerability in NVR301-08-P8 of Zhejiang Yushu Technology Co.
NVR301-08-P8 is an NVR video recorder device produced by Zhejiang Yusi Technology Co. Ltd. NVR301-08-P8 suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
CVE-2024-3850
Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack XSS. An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is...
CVE-2024-3850
Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack XSS. An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is...
CVE-2024-3850 Uniview NVR301-04S2-P4 Cross-site Scripting
Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack XSS. An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is...
CVE-2024-3850 Uniview NVR301-04S2-P4 Cross-site Scripting
Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack XSS. An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is...
CVE-2024-3850
Affected product: Uniview NVR301-04S2-P4. Vulnerability: reflected cross-site scripting (XSS) via the PATH of LAPI. Root cause: improper neutralization of input during web page generation (CWE-79), with XSS possible on pages under /LAPI/. Some sources note authentication is required; others indic...
Uniview NVR301-04S2-P4 (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION : Exploitable remotely/low attack complexity/public exploits available Vendor : Uniview Equipment : NVR301-04S2-P4 Vulnerability : Cross-site Scripting 2. RISK EVALUATION An attacker could send a user a URL that if clicked on could execute...
Uniview NVR301-04S2-P4 Cross Site Scripting
Exploit Title: Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting XSS Author: Bleron Rrustemi Discovery Date: 2022-11-15 Vendor Homepage: https://www.uniview.com/tr/Products/NVR/Easy/NVR301-04S2-P4/ Datasheet:: https://www.uniview.com/download.do?id=1761643 Device Firmware:...
Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting Vulnerability
Exploit Title: Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting XSS Author: Bleron Rrustemi Discovery Date: 2022-11-15 Vendor Homepage: https://www.uniview.com/tr/Products/NVR/Easy/NVR301-04S2-P4/ Datasheet:: https://www.uniview.com/download.do?id=1761643 Device Firmware:...
Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)
Exploit Title: Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting XSS Author: Bleron Rrustemi Discovery Date: 2022-11-15 Vendor Homepage: https://www.uniview.com/tr/Products/NVR/Easy/NVR301-04S2-P4/ Datasheet:: https://www.uniview.com/download.do?id=1761643 Device Firmware:...
Uniview NVR - Password Disclosure
Uniview NVR remote passwords disclosure Author: B1t The Uniview NVR web application does not enforce authorizations on the main.cgi file when requesting json data. It says that you can do anything without authentication, however you must know the request structure. In addition, the users' passwor...