Arbitrary JavaScript Code Execution via HTTP Referer Header in VIVOTEK Network Camera Series

Arbitrary JavaScript Code Execution via HTTP Referer Header in VIVOTEK Network Camera Series

CVE-2018-18244 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header.

Learn more about our Network Penetration Testing.