CVE-2021-23848
Published 2021-06-09
Priority P4 · 25 · medium · 6.1 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.55% (42.0th percentile)
An error in the URL handler of Bosch IP cameras may lead to reflected cross-site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute JavaScript code in the context of the user.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bosch | cpp_firmware | — | — |
CVSS provenance
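| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| ghsa | — | 10.0 | CRITICAL | — |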
GHSA
GHSA-3h4x-jrvr-p38w: An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface
ghsa_unreviewed·2022-05-24
CVE-2021-23848 [MEDIUM] CWE-79 GHSA-3h4x-jrvr-p38w: An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface
GHSA
Command injection in Alluxio
ghsa·2022-02-21·CVSS 10.0
CVE-2022-23848 [CRITICAL] Command injection in Alluxio
In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-06-09