HIGH🇵🇱 Wersja polska

CVE-2021-23848

CVSS 8.3v3.1pub. 2021-06-09upd. 2024-11-21

An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Bosch Cpp13

    HW
    Bosch
    wszystkie wersje
  • Bosch Cpp13 Firmware

    OS
    Bosch
    wszystkie wersje
  • Bosch Cpp4

    HW
    Bosch
    wszystkie wersje
  • Bosch Cpp4 Firmware

    OS
    Bosch
    wszystkie wersje
  • Bosch Cpp6

    HW
    Bosch
    wszystkie wersje
  • Bosch Cpp6 Firmware

    OS
    Bosch
    wszystkie wersje
  • Bosch Cpp7

    HW
    Bosch
    wszystkie wersje
  • Bosch Cpp7.3

    HW
    Bosch
    wszystkie wersje
  • Bosch Cpp7.3 Firmware

    OS
    Bosch
    wszystkie wersje
  • Bosch Cpp7 Firmware

    OS
    Bosch
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2021-23847CRITICAL9.8ten sam produkt

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to...

CVE-2023-39509HIGH7.2ten sam produkt

A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administra...

CVE-2021-23849HIGH7.5ten sam produkt

A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an ...

CVE-2021-23853HIGH8.3ten sam produkt

In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP header...

CVE-2021-23854HIGH8.3ten sam produkt

An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting ...