Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2006-2490

Published: 19/05/2006 Updated: 18/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 445
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions prior to 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote malicious users to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar.

Vulnerable Product Search on Vulmon Subscribe to Product

mobotix mobotix ip network camera m10 2.0.5.2

mobotix mobotix ip network camera d10

mobotix mobotix ip network camera m1 1.9.4.7

mobotix mobotix ip network camera m22

Exploits

Exploit DB: obotix IP Camera M1 1.9.4 .7/M10 2.0.5.2 - 'eventplayer?get_image_info_abspath' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/18022/info The Mobotix IP camera is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the device to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in t ...
Exploit DB: obotix IP Camera M1 1.9.4 .7/M10 2.0.5.2 - help Script Cross-Site Scripting
source: wwwsecurityfocuscom/bid/18022/info The Mobotix IP camera is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the device to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the c ...
Exploit DB: obotix IP Camera M1 1.9.4 .7/M10 2.0.5.2 - 'events.tar?source_ip' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/18022/info The Mobotix IP camera is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the device to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the ...

References

CWE-79http://www.eazel.es/media/advisory001.htmlhttp://www.securityfocus.com/bid/18022http://secunia.com/advisories/20151http://www.osvdb.org/25621http://www.osvdb.org/25622http://www.osvdb.org/25623http://securitytracker.com/id?1016128http://www.attrition.org/pipermail/vim/2006-August/000980.htmlhttp://securityreason.com/securityalert/929http://www.vupen.com/english/advisories/2006/1857https://exchange.xforce.ibmcloud.com/vulnerabilities/26538http://www.securityfocus.com/archive/1/444018/100/0/threadedhttp://www.securityfocus.com/archive/1/434289/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/27894/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834CVE-2024-30100CVE-2024-4577physicaldosCVE-2024-30099CVE-2024-27801CVE-2024-32146logic flaw
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook