CVE-2007-5214: XSS
First published: Thu Oct 04 2007(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AXIS 2100 Network Camera | <=2.02 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf
- http://www.securityfocus.com/bid/25837
- http://securityreason.com/securityalert/3188
- http://osvdb.org/39494
- http://osvdb.org/39495
- http://osvdb.org/39493
- http://osvdb.org/39492
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36842
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36841
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36840
- http://www.securityfocus.com/archive/1/480995/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/axis
- canonical/axis 2100 network camera
- version/axis 2100 network camera/2.02