2 matches found
CVE-2015-8255
CVE-2015-8255 describes a Cross-Site Request Forgery vulnerability in AXIS Communications devices with a Web Interface. The embedded web app does not verify that a request is intentionally submitted by the user, enabling unauthorized state-changing actions. Documented impact includes CSRF-enabled...
CVE-2015-8258
CVE-2015-8258 affects AXIS Communications devices with firmware up to 5.80.x. The issue is a resource injection via the imagePath parameter in view.shtml, enabling XSS/Open Script Editor abuse to potentially cause a URL-based request to attacker-controlled content. The vulnerability arises from h...