Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions prior to 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote malicious users to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mobotix mobotix ip network camera m10_2.0.5.2 |
||
mobotix mobotix ip network camera m22 |
||
mobotix mobotix ip network camera d10 |
||
mobotix mobotix ip network camera m1_1.9.4.7 |