HIGH🇵🇱 Wersja polska

CVE-2021-23854

CVSS 8.3v3.1pub. 2021-06-09upd. 2024-11-21

An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Bosch Cpp13

    HW
    Bosch
    wszystkie wersje
  • Bosch Cpp13 Firmware

    OS
    Bosch
    7.757.76
  • Bosch Cpp6

    HW
    Bosch
    wszystkie wersje
  • Bosch Cpp6 Firmware

    OS
    Bosch
    7.627.707.72
  • Bosch Cpp7

    HW
    Bosch
    wszystkie wersje
  • Bosch Cpp7.3

    HW
    Bosch
    wszystkie wersje
  • Bosch Cpp7.3 Firmware

    OS
    Bosch
    7.627.707.72
  • Bosch Cpp7 Firmware

    OS
    Bosch
    7.627.707.72
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2021-23847CRITICAL9.8ten sam produkt

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to...

CVE-2023-39509HIGH7.2ten sam produkt

A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administra...

CVE-2021-23849HIGH7.5ten sam produkt

A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an ...

CVE-2021-23853HIGH8.3ten sam produkt

In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP header...

CVE-2021-23848HIGH8.3ten sam produkt

An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-bas...