Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 04/10/2007 Updated: 15/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.

Vulnerable Product	Search on Vulmon	Subscribe to Product
axis 2100 network camera

CWE-79 http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf http://www.securityfocus.com/bid/25837 http://securityreason.com/securityalert/3188 http://osvdb.org/39494 http://osvdb.org/39495 http://osvdb.org/39493 http://osvdb.org/39492 https://exchange.xforce.ibmcloud.com/vulnerabilities/36842 https://exchange.xforce.ibmcloud.com/vulnerabilities/36841 https://exchange.xforce.ibmcloud.com/vulnerabilities/36840 http://www.securityfocus.com/archive/1/480995/100/0/threaded https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-5214

Vulnerability Summary

References

Vulmon Search

About

Products

Connect