vendor:
Linksys Web Camera software
by:
Unknown
5.5
CVSS
MEDIUM
Cross-site scripting
79
CWE
Product Name: Linksys Web Camera software
Affected Version From: 2.1
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Not provided
CPE: a:linksys:web_camera_software:2.10
Platforms Tested:
Unknown
Cross-site scripting vulnerability in Linksys Web Camera software
The Linksys Web Camera software is prone to a cross-site scripting vulnerability that may allow a remote attacker to steal cookie-based authentication credentials or carry out other attacks. The vulnerability occurs when an attacker passes malicious HTML or script code to the application via the 'next_file' parameter of the 'main.cgi' script.
Mitigation:
It is recommended to update to the latest version of Linksys Web Camera software to mitigate this vulnerability.