Video Insight Security Vulnerabilities

CVE-2023-38574

Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.

CVE-2023-39938

Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary script.

CVE-2023-40535

Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script.

CVE-2023-40705

Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script.