Cross-Site Scripting Vulnerability in Axis M10 Series Network Cameras

vendor:

Axis M10 Series Network Cameras

by:

Unknown

5.5

CVSS

MEDIUM

Cross-Site Scripting

CWE

Product Name: Axis M10 Series Network Cameras

Affected Version From: Axis M1054 firmware 5.21

Affected Version To: Unknown

Patch Exists: YES

Related CWE:

CPE: h:axis_communications:m1054

Metasploit:

Other Scripts:

Platforms Tested:

2011

Cross-Site Scripting Vulnerability in Axis M10 Series Network Cameras

The Axis M10 Series Network Cameras are vulnerable to a cross-site scripting vulnerability due to inadequate sanitization of user-supplied data. This vulnerability allows an attacker to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other malicious activities.

Mitigation:

Apply the latest firmware update provided by Axis Communications to address this issue. Avoid clicking on suspicious links or visiting untrusted websites.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/50968/info

Axis M10 Series Network Cameras are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Axis M1054 firmware 5.21 is vulnerable; other version may also be affected. 

http://www.example.com/admin/showReport.shtml?content=serverreport.cgi&pageTitle=%3C%2Ftitle%3E%3Cscript%3Ealert(String.fromCharCode(88%2C83%2C83))%3B%3C%2Fscript%3E%3Ctitle%3E