Summary
This host has D-link IP Camera and is
prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow attacker to
execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
No solution or patch is available as of
9th February, 2015. Information regarding this issue will updated once the solution details are available.
For updates refer to http://www.dlink.com
Insight
The flaw is due to an input passed via
the vb.htm script to the 'QUERY_STRING ' parameter is not properly sanitized.
Affected
D-link IP camera DCS-2103 with firmware before 1.20
Detection
Send a crafted HTTP GET request and check
whether it is able read the cookie
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-9517 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- AdaptCMS 'init.php' Remote File Include Vulnerability
- Apache Tomcat TroubleShooter Servlet Installed