CVE-2018-7827

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 54.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Ime119-1ei Firmware Schneider-electric Ime119-1ep Firmware Schneider-electric Ime119-1es Firmware +56 more

Timeline

PublishedMay 22

Latest updateMay 24

Description

A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which a remote attacker can execute arbitrary HTML and script code in a user’s browser session.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages59 packages

▶NVDschneider-electric/ixe11_firmware< 2.2.3.0

▶NVDschneider-electric/ixe21_firmware< 2.2.3.0

▶NVDschneider-electric/ixe31_firmware< 2.2.3.0

▶NVDschneider-electric/ixes1_firmware< 2.2.3.0

▶NVDschneider-electric/ime119-1i_firmware< 2.2.3.0

🔴Vulnerability Details

GHSA

GHSA-2f54-rmw2-852f: A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen↗2022-05-24

▶

CVEList

CVE-2018-7827: A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen↗2019-05-22

▶